CN111602372B - Method and control system for controlling and/or monitoring a device - Google Patents

Abstract

The invention relates to a method and a control system for controlling and/or monitoring a device, with which a chain of control commands in a block chain for a specific task for controlling the device can be managed in a simple manner. In particular, the invention allows for a specific task to assign a predefined validity to the block chain-based system control, wherein the validity is defined, for example, by the life cycle (e.g., service life) of the system.

Description

Method and control system for controlling and/or monitoring a device

technical field

The invention relates to a method and a control system for controlling and/or monitoring a plant.

Background technique

Devices, such as field devices and production devices, are increasingly networked and can be provided/operated, for example, by different operators. Frequently, these devices are transmitted instruction sequences that can be implemented by these devices. The disadvantage here is that it is difficult to control the execution of these command sequences in a heterogeneous network of devices of different operators.

Contents of the invention

The object of the present invention is to find an alternative to the solutions known from the prior art.

This task is solved by the features stated in the independent claims. Advantageous developments of the invention are indicated in the dependent claims.

Blockchains (Blockchains in English) or “Distributed Ledgers” technology is currently a hotly discussed technology, which can be realized especially as a distributed database system. In addition to the application of decentralized payment systems such as cryptocurrencies, new application possibilities are developed in the financial industry. In particular, transactions between companies can thereby be effected without intermediaries or clearinghouses without manipulation. This enables new business models without trusted intermediaries, which reduces transaction costs, and enables the flexibility to provide new digital services without having to set up infrastructure and trust relationships purpose-built for this purpose. A transaction data record (or transaction for short) secured by a blockchain includes, for example, a program code, which can also be referred to as a so-called “smart contract”.

According to a first aspect, the invention relates to a control system for controlling and/or monitoring equipment, the control system comprising:

- Distributed database system (BC) with:

- a plurality of nodes (BCN, BCN_D), wherein the nodes (BCN, BCN_D) and devices (D, BCN_D) are connected to each other via a first communication network (NW1);

- a first selection module (110), configured to select a control instruction according to a selection rule, wherein

- said selection module (110), in particular a selection module (110) according to any one of the embodiments;

- a first storage module (130) for storing selected (selected) control instructions in a control transaction, wherein

- said control transactions are stored in said distributed database system (BC),

- said control transaction is transmitted to said device (D, BCN_D) or said node (BCN, BCN_D) by means of said distributed database system (BC).

Unless otherwise specified in the ensuing description, the terms "execute," "calculate," "computer-aided," "calculate," "find out," "generate," "configure," "reconstruct," and similar terms are used It preferably involves operations and/or procedures and/or processing steps which change and/or generate data and/or transform these data into other data, wherein these data can be used in particular as physical quantities to appear or exist, for example as electrical impulses. In particular, the expression "computer" should be interpreted as broadly as possible in order to cover, inter alia, all electronic devices having a data processing nature. Thus, a computer may be, for example, a personal computer, a server, a stored programmable controller (SPS), a hand-held computer system, a Pocket-PC (Pocket-PC) device, a mobile radio, and other communication devices that can computer-aided data processing, processing controllers and other electronic equipment used for data processing.

In the context of the present invention, "computer-assisted" is to be understood, for example, as an implementation of the method, wherein in particular a processor carries out at least one method step of the method.

In connection with the present invention, a processor may be understood as a machine or an electronic circuit, for example. The processor may especially be a central processing unit (Central Processing Unit, CPU in English), a microprocessor or a microcontroller, such as an application specific integrated circuit or a digital signal processor, etc., which may be combined with a storage unit for storing program instructions . Processor also can be IC (integrated circuit, English Integrated Circuit), especially FPGA (English Field Programmable Gate Array (field programmable gate array)) or ASIC (application-specific integrated circuit, English Application-SpecificIntegrated Circuit) or DSP (digital signal Processor, English Digital Signal Processor) or graphics processor GPU (Graphic Processing Unit). A processor may also be understood as a virtual processor, a virtual machine, or a soft (Soft) CPU. For example, it can also be a programmable processor which is equipped with configuration steps for carrying out the mentioned method according to the invention or which is configured with configuration steps such that the programmable processor Features according to the invention implement methods, components, modules or other aspects and/or partial aspects of the invention.

In conjunction with the present invention, "storage unit" or "storage module" and the like can be understood as, for example, a volatile memory (English Random-Access Memory, RAM (Random Access Memory)) in the form of a working memory or a hard disk. Permanent memory or data carrier.

In connection with the present invention, a "module" can be understood, for example, as a processor and/or a storage unit for storing program instructions. For example, a processor is specially configured to implement program instructions such that the processor performs functions such that the method according to the invention or the steps of a method according to the invention are carried out.

A module may also be, for example, a node of a distributed database system, and the node, for example, realizes a specific function/feature of a corresponding module. The corresponding modules can also be designed as separate or independent modules, for example. For this purpose, a corresponding module may comprise further elements, for example. These elements are, for example, one or more interfaces (eg database interfaces, communication interfaces—eg network interfaces, WLAN interfaces) and/or evaluation units (eg processors) and/or storage units. By means of these interfaces, for example, data can be exchanged (eg received, transmitted, sent or provided). By means of the evaluation unit, for example, data can be compared, checked, processed, assigned or calculated computer-aided and/or automatically. By means of the storage unit, data can be stored, retrieved or made available, for example, computer-aided and/or automatically.

In connection with the present invention, "comprising", especially in relation to data and/or information, can be understood, for example, as storing corresponding information or corresponding data (computer-aided) in a data structure/data record (this data structure/data record is again stored, for example, in a storage unit).

In connection with the present invention, "assignment", in particular "assignment" in relation to data and/or information, is to be understood as, for example, a computer-assisted allocation of data and/or information. For example, the second data is assigned to the first data by means of a storage address or a unique identifier (UID in English) for this purpose, in that, for example, the storage address or the unique identifier of the first data and the second data are jointly identified stored in the data record.

In connection with the present invention, "providing", especially "providing" with respect to data and/or information, can be understood, for example, as computer-assisted providing. This provision is made eg via an interface (eg a database interface, a network interface, an interface with a storage unit). For example, in the case of this provision, corresponding data and/or information can be transmitted and/or sent and/or invoked and/or received via this interface.

In connection with the present invention, “provide” can also be understood, for example, to mean loading or storing, for example loading or storing a transaction with corresponding data. This can be done, for example, on or by the memory module. "Providing" can also be understood, for example, as transmitting (or sending or transmitting) corresponding data from one node of a blockchain or distributed database system (or its infrastructure) to another node.

In connection with the present invention, a "smart contract process" can especially be understood as a process in which program codes (eg control instructions) are implemented through a distributed database system or its infrastructure.

In connection with the present invention, "checksum", such as data block checksum, data checksum, node checksum, transaction checksum, chain checksum or the like, can for example be understood as a cryptographic checksum or cryptographic hashes or hash values, said cryptographic checksums or cryptographic hashes or hash values, in particular by means of cryptographic hash functions, through one or more of the data records and/or data and/or transactions and /or a partial area of a data block (for example, the block data header of a blockchain block or the data block data header of a data block in a distributed database system, or only a part of a transaction of a data block) to obtain or calculate. The checksum can in particular be one or more checksums or one or more hash values of a hash tree (eg Merkle tree, Patricia tree). Furthermore, the checksum can also be understood in particular as a digital signature or a cryptographic message authentication code. By means of checksums, for example, cryptographic protection/manipulation protection for transactions and the data stored in these transactions can be implemented at different levels of the database system. If, for example, high security is required, a checksum on the transaction level is generated and checked, for example. If less high security is required, for example checksums are generated and checked at the block level (for example for the entire data block or only for a part of the data block and/or a part of the transactions).

In connection with the present invention, a "data block checksum" may be understood as a checksum calculated, for example, over a part or all transactions of a data block. The node can then check/ascertain the integrity/authenticity of the corresponding part of the data block, for example by means of the data block checksum. In addition or as an alternative, the data block checksum can in particular also already be ascertained by transactions of the preceding data block/predecessor data block of this data block. In this case, the data block checksum can in particular also be realized by means of a hash tree, for example a Merkle tree [1] or a Patricia tree, wherein the data block checksum is in particular a Merkle tree or a Patricia tree Or the root checksum of a binary hash tree. In particular, transactions are secured by means of other checksums from Merkle trees or Patricia trees (for example in the case of using transaction checksums), wherein these other checksums are in particular Merkle trees or Leaves from the Patricia tree. In this way, for example, a data block checksum can protect a transaction by determining the root checksum from these other checksums. In particular, the data block checksum can be calculated for transactions of a specific one of the data blocks. Such a data block checksum can in particular be added to a subsequent data block of a specific data block in order to link the subsequent data block with its preceding data block and in particular thereby enable a complete performance check of the distributed database system . As a result, the data block checksum can, for example, assume the function of a chain checksum or be added to a chain checksum. The data header of a data block (for example a new data block or a data block for which a data block checksum has already been determined) can include, for example, a data block checksum.

In the context of the present invention, a "transaction checksum" is to be understood as a checksum which is determined in particular by transactions of a data block. In addition, for example, the calculation of the data block checksum for the corresponding data block can be accelerated, since for this purpose, for example, already calculated transaction checksums can be immediately used, for example, as leaves of a Merkle tree.

In connection with the present invention, a "chained checksum" is to be understood as a checksum which, in particular, specifies or locates a previous data block of the distributed database system to the corresponding data block of the distributed database system (in the In particular, it is often referred to as "previous block hash (previous block hash)") in technical terms [1]. For this purpose, in particular a corresponding chain checksum is ascertained for the corresponding preceding data block. For example, the transaction checksum or the data block checksum of the data block (that is, the existing data block of the distributed database system) can be used as the chain checksum, so that the new data block and the distributed database system (the existing data block) Yes) data block linking. However, it is also possible, for example, that the checksum is ascertained via the data header of the preceding data block or via the entire preceding data block and used as a chain checksum. This can, for example, also be calculated for several or all previous data blocks. For example, it is also possible to obtain a chained checksum from the header of the data block and the checksum of the data block. However, the respective data blocks of the distributed database system preferably each comprise a chained checksum for the preceding data block of the respective data block, in particular also more preferably the immediately preceding The data block is calculated from or refers to the preceding data block, in particular still more preferably the immediately preceding data block. It is also possible, for example, that the corresponding chain checksum is also ascertained only from a part of the corresponding data block (for example the previous data block). As a result, for example, a data block can be realized which includes an integrity-protected part and an unprotected part. In this way, it is possible, for example, to implement a data block whose integrity-protected parts cannot be changed and whose unprotected parts can still be changed later. Integrity-protected should be understood here in particular to mean that changes to integrity-protected data can be detected by means of a checksum.

In particular, it is possible to provide data in different ways, which are stored, for example, in transactions of data blocks. Instead of data, such as user data, such as measurement data or asset-related data/property relations, transactions of data blocks may, for example, only include checksums for these data. A corresponding checksum can be realized in different ways here. This can be, for example, a corresponding data block checksum of a data block (with corresponding data) of another database or distributed database system, a data block (of a distributed database system or other database) with corresponding data The transaction checksum or the data checksum that has been obtained through these data.

In addition, the corresponding transaction may also include pointers or instructions to the storage location (such as the address of the file server and instructions on where the corresponding data can be found on the file server; or other distributed databases including these data the address of). Corresponding data may then, for example, also be provided in other transactions of other data blocks of the distributed database system (for example if the corresponding data and the associated checksum are contained in different data blocks). However, it is also conceivable, for example, that these data be provided via other communication channels, for example via other databases and/or password-protected communication channels.

For example, in addition to the checksum, an additional data record (for example an indication or description of the storage location) can also be stored in the corresponding transaction, which specifies in particular the storage location from which the data can be called. This is advantageous in particular with regard to keeping the data volume of a blockchain or distributed database system as low as possible.

In the context of the present invention, "secured protection" is to be understood, for example, as protection implemented in particular by means of cryptographic methods. This can be achieved, for example, by using a distributed database system to provide or transmit or send the corresponding data/transactions. Preferably, this is achieved by a combination of different (cryptographic) checksums, in that these (cryptographic) checksums work together, in particular synergistically, in order to improve, for example, the security or cryptographic security of the data of the transaction. In other words, in connection with the present invention, "security-protected" can also be understood as "password-protected" and/or "manipulation-protected", wherein "manipulation-protected" can also be referred to as "integrity-protected".

In conjunction with the present invention, "a link of one/more data blocks of a distributed database system" can be understood, for example, as: the data blocks respectively include information (such as a chain checksum), which points out one or more data blocks of the distributed database system multiple other data blocks or locate the one or more other data blocks [1][4][5].

In the context of the present invention, "embedded into a distributed database system" and the like can be understood, for example, to mean that in particular one or more transactions or data blocks with transactions thereof are transmitted to one or more nodes of the distributed database system. These transactions are especially linked as new data blocks with at least one existing data block of the distributed database system if they are for example successfully validated (e.g. by the node/nodes) [1][4][ 5]. For this purpose, for example, corresponding transactions are stored in new data blocks. The validation and/or linking can in particular take place via trusted nodes such as a blockchain oracle (Oracle) or a blockchain platform (Plattform). In this context, a blockchain platform can be understood in particular to mean blockchain as a service (Blockchain as a Service), as proposed especially by Microsoft or IBM. In particular, nodes and/or trusted nodes may respectively register node checksums (e.g. digital signatures) in data blocks (e.g. data blocks validated and produced by these nodes, which data blocks are then linked), so that In particular, the creator of the data block can be identified and/or the node can be identified. In this case, the node checksum indicates which node, for example, has linked the corresponding data block with at least one other data block of the distributed database system.

In connection with the present invention, one or more "transactions" can be understood, for example, as a smart contract [4] [5], a data structure or a transaction data record, which in particular includes one or more of these transactions in each case. In conjunction with the present invention, one or more "transactions" can also be understood as transaction data of a block chain (Blockchain in English), for example. In particular, a transaction can include program code, which implements a smart contract, for example. In connection with the present invention, a transaction can also be understood, for example, as a control transaction and/or a confirmation transaction. Alternatively, a transaction may be, for example, a data structure that stores data, such as control instructions. In particular, a transaction can include program code, which implements a smart contract, for example. In connection with the present invention, a transaction can also be understood, for example, as a control transaction and/or a confirmation transaction. Confirmation transactions may eg be stored in the distributed database system after a control transaction has been successfully performed by the device (eg the device stores the confirmation transaction in the distributed database system). Confirmation of the transaction may include, for example, confirmation by the corresponding device of the devices of the control instruction to implement the control transaction if one of the devices has successfully implemented the control instruction of the control transaction. For this purpose, confirming a transaction can include, for example, a checksum (for example a transaction checksum) generated by the corresponding device for the executed control command and/or an acknowledgment of the execution, which is for example also protected by this checksum . For example, confirmation transactions may also be stored in the distributed database system if the device partially implements control instructions and/or the implementation of these control instructions is interrupted. This may be the case, for example, if during the execution of the control commands damage has occurred on the device which no longer permits the execution of these control commands (for example damage has occurred on the actuator or the tool). For example, other devices that meet the implementation requirements for the remaining unimplemented control instructions can then implement these unimplemented control instructions of the corresponding control transaction, for example, based on the confirmation transaction. Correspondingly, a confirmation transaction may include, for example, the degree of implementation or a statement about the implemented portion of these control instructions. Alternatively or additionally, the confirmation transaction can specify control instructions which must still be executed in order to successfully execute the control instruction of the corresponding control transaction. Correspondingly, a confirmation transaction can include, for example, a data record which specifies which of these control instructions should still be carried out or which data record specifies which control instructions of the corresponding control transaction are missing for the successful execution of the control instructions Which control instructions in . This makes it possible, for example, that further processing of the control commands can take place even if the execution of the control commands on the device has been interrupted. Correspondingly, for example, it may be required in these implementation requirements that more than one device (such as two or three devices or more devices) meet these implementation requirements, so that even if, for example, a device is implementing the corresponding control instruction of the control transaction Period failure also ensures the implementation of these control instructions.

Alternatively, a transaction may be, for example, a data structure that stores data, such as control instructions. A transaction can, for example, also be called a message (ie a communication message storing data) or can be a message storing corresponding data (eg a control command), for example. Accordingly, corresponding transactions or messages can be exchanged using the present invention. In this case, transactions can include, for example, control commands and/or contract data and/or other data, such as video data, user data, measurement data, etc.

In connection with the present invention, "control instruction" or "control transaction" can be understood, for example, as a smart contract [4][5] or an executable program code, the smart contract or the executable program code, especially through a distributed database system To implement, wherein, for example, a distributed database system or its nodes and infrastructure execute or implement corresponding control instructions. In particular, devices/nodes can be controlled with control commands. In particular, the devices and/or nodes can or should be controlled/operated with these control instructions or the/a control transaction's control instructions. In particular, a plurality of control commands or control transactions from one or more data blocks results in a sequence of commands, in particular for controlling a manufacturing plant with associated manufacturing machines, for controlling devices of an automation network or for controlling an energy supply network devices or control devices in the Internet of Things. In particular, product-specific manufacturing orders or manufacturing steps are coded in the control commands or control transactions (ie also included in the command sequence). Devices (eg corresponding devices) are, for example, devices of technical systems and/or industrial plants and/or automation networks and/or manufacturing plants and/or devices in the Internet of Things, which are also, in particular, nodes of a distributed database system. In this case, these devices can be, for example, field devices which are also, in particular, nodes of a distributed database system. These devices can also be, for example, automatic teller machines, in which control commands cause cash to be withdrawn. For example, a control instruction can be derived from an instruction sequence or determined from said instruction sequence. For example, a control transaction may include one or more control instructions. For example, a control transaction may include one or more control instructions. For example, control instructions encode mechanical motion and/or other physical quantities (such as pressure or temperature) that are converted by corresponding devices/nodes (for example, via corresponding actuators) into corresponding The mechanical motion and/or other corresponding physical quantities. The devices and/or the actuators of the nodes are then controlled, for example with control commands. Correspondingly, the corresponding devices/nodes include actuators, for example. If the device/node is eg a robot, the actuator is also called an actuator. The device can also be, for example, an electromechanical device or system, wherein the electromechanical device/system is, for example, an actuator and/or a linear technology device. Linear technology devices are, for example, devices for carrying out translational movements . A corresponding device can also be a drive system, for example. By means of the control commands and the devices and/or nodes, for example, the regulating loop can also be regulated and/or controlled by, for example, analyzing confirmation transactions for the control instructions executed by the control system and generating corresponding control instructions. Then, for these new control instructions, for example, the corresponding implementation requirements are re-determined, and then, for example, these implementation requirements are re-stored in control transactions, so that these control transactions can be controlled by the corresponding equipment to implement. The control instructions can also be, for example, control instructions for controlling the cryptographic device and/or the method (eg user authentication or user authentication).

For example, the control instruction can also be understood as an instruction sequence from a database or a database system, or can also be understood as a transaction from a database or a database system, and the instruction sequence or the transaction should pass through the equipment or nodes of the distributed database system to implement. The database system can be, for example, a distributed database system if, for example, there are transactions which have not yet been dispatched or assigned fulfillment requirements. Alternatively or additionally, the database system can be another database, for example a conventional hierarchical database, from which corresponding transactions can be called. A control command can also be understood, for example, as a command sequence or also as a transaction, which is to be provided via the input system and which is to be executed by the distributed database system. . A control instruction can be understood, for example, as a sequence of instructions or a control instruction for controlling a mechanical and/or electrical and/or electromechanical and/or electronic device.

In connection with the present invention, "equipment-specific requirements" can be understood, for example: specific equipment, which is specified, for example, by a unique identifier; equipment that can perform predetermined control actions (such as the manufacture of weldable robot; a painting robot that can apply a predetermined color to a manufactured part; a device that automatically establishes electrical connections in a substation); or a device that performs manufacturing with a predetermined accuracy and/or speed Steps or control instructions (such as lathes, mills, and cutters). As an alternative or in addition, the "device-specific requirements" may also presuppose certain device classes that are predetermined for the execution or execution of the control command. In this context, an appliance category is understood to mean, in particular, one or more appliances (for example a grinding machine or a sawing machine) which are, for example, able to carry out certain predetermined actions (for example grinding or sawing a certain material). Device-specific requirements are, in particular, requirements placed on the corresponding device and/or node for the execution of the control commands. The device-specific data or device properties then correspond, for example, to actual and/or current device-specific data or device properties of the device. For example, it is checked whether a plant or production machine is able to execute control commands, which are specified, for example, in plant-specific requirements, with a predetermined accuracy. Plant-specific requirements can also be referred to as machine- and/or electromechanical and/or production-specific requirements, in particular. In particular, device-specific data or device characteristics can also be referred to as machine and/or electromechanical and/or production-specific data or device characteristics. In particular, device-specific data or device properties can also be referred to as device information. The device-specific requirements specify, in particular, requirements that are to be fulfilled by device-specific data of the device. In other words, the plant-specific requirements predetermine a "setpoint" value, which is compared with the "actual" value of the plant. In this case, the device-specific data are in particular the current device properties. These device characteristics/device-specific data include, for example: the UID of the device or system; available tools or supported manufacturing methods (milling, grinding or 3D printing); manufacturing accuracy; manufacturing cost; device location; Network addresses for addressing/manipulation; authorized users, etc.

Device-specific requirements can also be, for example, security requirements or location-related requirements that the device should fulfill in order to carry out the control commands (for example country specification, GPS specification or postal code (PLZ)). For example, it may be required that the device should have predetermined safety features or that specific/predetermined authorizations and/or authentications are also required for the execution of the control commands on the device. This could be the case, for example, if someone wants to withdraw cash at a device such as an ATM. Next, the control instruction is, for example, a request from the customer to withdraw cash. If, for example, the corresponding customer has set that he is only allowed to make cash withdrawals in predetermined countries, such as Italy, France and Austria, for example, then this is stored in the device-specific requirements (and in particular if necessary also implicitly stored in the implementation requirements). ATMs in Andorra would then not allow withdrawals or prohibit such withdrawals if necessary. Alternatively, this can also be prohibited, for example, by other nodes of the distributed database system or by a smart contract of the distributed database system. For example, customer-specific authentication can also be required via security requirements. For example, entering a password (Pin) for extraction (this is not necessarily the case in the USA, for example) and/or requiring a specific password length (e.g. 8 characters); and/or requiring other additional authentication methods (e.g. 2 Factor Authentication, Mobile-Tan, Google Authenticator).

Alternatively, the selection module can also further analyze the control instructions and if, for example, the selection module has ascertained that the selection rules (e.g. device-specific requirements) are not fulfilled or cannot be met, a control transaction is created, which is sent to the corresponding device or The system indicates this and, if necessary, prohibits the execution of the control commands. Alternatively, it is also possible, for example, that no control transaction is generated and that at some point there is a timeout for executing the control command, for example after a preferably configurable predetermined time period.

In connection with the present invention, "selection rules" can be understood, for example, as global selection rules and/or local selection rules and/or device-dependent selection rules. By means of selection rules it can be specified, for example, which control commands are only accepted; or alternatively it can be specified that certain control commands are prohibited from being carried out. Global selection rules are, for example, selection rules that are defined independently of specific devices/nodes. This can be, for example, a rule stating that the execution of certain types of control commands and/or parameter ranges used by the control commands should be prohibited by the device and/or the node. This can be, for example, a control command which, although the device can execute it, the execution of which can cause very severe wear and tear on the device or is simply too expensive to execute. In the global selection rule, for example, it can also be stipulated that certain control instructions should preferably only be carried out in predetermined regions. In particular, if the distributed database system is, for example, a globally distributed database system, it can be specified that certain control instructions should only be implemented in Sweden. For this purpose, for example, control commands intended for non-Swedish devices are filtered out by the selection module (e.g. in such a way that no control transactions are specified for these control commands) and only control commands for Swedish devices are selected by the selection module and stored In the control transaction for the corresponding device/node.

A local selection rule may be, for example, a rule that should be applicable to a specific subsystem or a specific device (eg, multiple devices) of the distributed database system. This can be, for example, a specification that specific control commands are only allowed to be executed in predetermined regions (similar to a global selection rule with regional specifications) for certain device classes (eg 3D printers). For example, it can also be specified in the local selection rules that certain plant types should be utilized up to 80% in order to reduce wear on the blast furnace, for example, by observing certain cooling times, for example. Local selection rules can also stipulate, for example: specific control instructions are only implemented when at least 80% of the equipment or nodes of the subsystem are utilized during manufacture (similar specifications can also be specified in global selection rules, so that e.g. Correspondingly make full use of the entire manufacturing system).

A device-specific selection rule can be understood, for example, as a device-specific implementation requirement. These implementation requirements can include, for example, device-specific requirements and/or prerequisite control instructions. Preferably, the selection rule has a structure that is instantiated, for example, by a processor. Here, these selection rules include, for example, the entities of the global selection rules, wherein the global selection rules include, for example, one or more entities of the local selection rules. The local selection rules, for example, each preferably comprise one or more entities of the device-dependent selection rules. Alternatively or additionally, the rule structure can be stored, for example, in transactions of the distributed database system.

Selection rules (eg global, local, device-specific) can specify authentication requirements and/or security requirements, for example. In this case, it can be provided, for example, that for the execution of the control commands an authorization is checked as to whether the sender or the party providing the control commands is at all authorized to execute these control commands via the nodes and/or devices. In this case, the check can be carried out, for example, by the selection module or one of the modules included in the selection module. For example, by means of security rules, the password protection that must be fulfilled for the control commands can be predetermined. For example, a global selection rule can specify that a cryptographic key length of 128 bits is required globally. Then, in the corresponding local selection rules, for example, a key length of 256 bits may be required for a specific region, and the control command is encrypted or digitally signed using the key length of 256 bits. Then, for certain control commands, for example, which should be executed by equipment of not very trustworthy subcontractors, for example a cryptographic key length of 512 bits may be required, and for example additional security requirements may also be required in order to prevent, for example, The know-how in these control instructions is transferred to unauthorized personnel.

For example, regional regulations can also be used to prohibit piracy if, for example, manufacturing machines (eg 3D printers) are located in several countries but competitors have patents for the product to be manufactured eg in some of these countries.

Alternatively or additionally, a selection rule (eg global, local, device-specific) can also predetermine, for example, a threshold value for a cost that the corresponding control command must not exceed. Alternatively or additionally, selection rules (eg global, local, device-specific) can also predetermine, for example, the optimizability of the control commands, which must be met by the control commands.

Alternatively or additionally, selection rules or implementation requirements can also include, for example, other specifications to be considered for implementation. This can be, for example, the specification that a certain fee must be paid in order for the control command to be executed by the corresponding node or device. This can be stored, for example, in device-specific requirements in that the device presupposes the payment of a predetermined fee for its use or for the execution of the control commands. Alternatively, such specifications can also be stored in global selection rules and/or local selection rules and/or device-specific selection rules. The payment of the predetermined fee can be effected, for example, by means of cryptocurrency, which is preferably also recorded or stored in the transactions of the distributed database system. Whether these specifications are fulfilled (for example payment of fees) can also be checked, for example, by means of a selection module or evaluation unit by checking, for example, whether a transaction for the corresponding payment of fees is available in the distributed database system. Alternatively, it is also possible, for example, to check the status of the account at the bank: whether the corresponding fee payment has been made. If the specifications of the implementation requirements are fulfilled for the corresponding control commands, for example, these control commands can be further processed and stored in a control transaction as already explained.

In connection with the present invention, "subsystem" can be understood, for example: equipment group; specific equipment type; equipment assigned to a certain facility or facility part; equipment installed in a certain region/country; or the mentioned possible sexual combination. In this case, a plant can be, for example, a manufacturing plant or a power plant, and parts of this plant can be, for example, a milling machine or a 3D printer of the manufacturing plant. A device group can also be understood, for example, to be an automatic teller machine, which is assigned, for example, to a certain bank and/or to a certain region.

In connection with the present invention, "system-specific data" or "device-specific data" can also be understood, for example, as system or device properties of a device or technical system. Device-specific or system-specific data are, for example, current device or system properties. Device-specific or system-specific data (or corresponding properties) may include, for example, data for a technical system, device or device of a technical system: the UID of the device or system; the available tools or supported manufacturing method (milling, grinding or 3D printing); manufacturing precision of the device or system; manufacturing cost of the device or system; location of the device or system; network address used to address/operate the device or system; Authorized users; names of devices or systems, etc.

Depending on the selected implementation, the system-specific data can, for example, be fully realized for one or more devices of the technical system, in that the corresponding devices of the technical system can also, for example, via the UID (network) of the technical system address to be addressed, identified, or communicate with these devices. Alternatively or in addition, device-specific data, for example for the device or the plurality of devices of the technical system, may be included in the system-specific data.

In connection with the present invention, a "technical system" can be understood, for example, as a device or devices that are communicatively connected to each other and/or to a distributed database system (such as a first distributed database system) .

In the context of the present invention, a "precondition control instruction" can be understood, for example, as a control instruction that must have been executed by other nodes (of the distributed database system) and/or by, in particular, before the corresponding control instruction can be implemented. One or more of these device implementations. In particular, the corresponding confirmed transactions for these pre-implemented control instructions are stored in the distributed database system (eg stored in data blocks of the distributed database system). In particular, in the case of these pre-implemented or prerequisite control commands, the device-specific requirements assigned to these pre-implemented control commands are also checked or taken into account. By means of the implementation requirements it is ensured in particular that, for example, the sequence of the production steps is adhered to during the production of the product. In this way, for example, it is achieved that the production sequence is properly observed. For example, it is prevented that one production step is destroyed by another production step simply because the production sequence is not observed. Similarly, in particular the control of the energy supply network can also be controlled in that, for example, transformers or voltage couplers are connected in the correct sequence or connected to the energy supply network. These prerequisite control instructions may be empty if, for example, they are not required for implementing the control instruction or the control transaction. For example, these precondition control instructions may be populated with zeros, with an empty string, or with a value indicating that no precondition control instructions are required. Alternatively, for example, no execution requirement can be assigned to some of the control commands, wherein in particular at least one execution requirement is assigned to at least one of the control commands. These prerequisite control commands are, for example, control commands that have already been converted by the device and/or nodes into predetermined mechanical movements and/or other physical quantities (such as pressure or temperature) or should be executed before executing these control commands is transformed (e.g. in order to prepare artifacts). The actuators of the devices and/or nodes are then actuated, for example, with these prerequisite control instructions (provided they are successfully carried out), so that the workpieces have been placed, for example, for possible further processing or can be enabled after execution of the prerequisite control instructions. The state in which further processing is effected or the state of manufacture. Correspondingly, the corresponding device/node can then be actuated, for example, with the control commands of the control transaction, such that (for example, if these precondition control commands have been carried out and for which in particular confirmation transactions exist) the further processing. With the aid of these preconditioning control instructions and devices and/or nodes, for example, a regulating loop can also be regulated and/or controlled by, for example, analyzing the confirmation transactions for the control instructions implemented/prerequisites by the control system and as a reference to the confirmation transactions response to generate corresponding control commands. These prerequisite control commands can also be, for example, control commands already used to operate the cryptographic device and/or the method (eg user authentication or user authentication). Alternatively or additionally, the detection of certain measured variables can be predetermined (for example by sensors) via these prerequisite control commands, for example. For example, it is thereby specified that a corresponding transaction with a corresponding measured value should comply with a predetermined measured value range or threshold value. The measured value may be, for example, the value of the measured parameter (eg 30° C.) and/or date/time of detection and/or location of detection and/or sensor type and/or other information about the sensor (eg measurement accuracy).

In particular, "storing a transaction in a data block" and the like shall be understood as direct storage or indirect storage. In this context, direct storage can be understood, for example, to mean that the corresponding data block (of the distributed database system) or the corresponding transaction (of the distributed database system) contains the corresponding data. Indirect storage can be understood here, for example, to mean that the corresponding data block or the corresponding transaction includes a checksum for the corresponding data and optionally an additional data record (for example, an indication or description of the storage location) , and the corresponding data is therefore not directly stored in the data block (or transaction) (ie instead there is only a checksum for these data). In particular, these checksums can be validated, for example, when storing the transactions in the data block, as is explained, for example, under "Embedding in a distributed database system".

In connection with the present invention, "program code" (for example a smart contract) can be understood, for example, to mean a program instruction or a plurality of program instructions which are stored in one or more transactions, in particular. In particular, the program code can be implemented, for example, via a distributed database system. This can be achieved, for example, by means of an execution environment (eg a virtual machine), wherein the execution environment or the program code is preferably Turing-complete. Preferably, the program code is implemented via the infrastructure of a distributed database system [4][5]. Here, for example, virtual machines are realized by the infrastructure of a distributed database system.

In connection with the present invention, a "separate and/or direct communication channel" is to be understood, for example, as a data transmission (e.g. sending, receiving, transmitting, providing or conveying) by means of a communication channel, such as for example via a Lightning Network firstly only for as implemented by cryptocurrencies [9]. For example, transactions/messages can be sent more quickly through this channel and confirmations about this data exchange can be stored in a distributed database system. In this way, for example, important and/or time-critical control commands or control transactions can be transmitted to the corresponding devices at a higher speed and in this way, for example, problems of distributed database systems (for example when copying data blocks/transactions) can be avoided. Slower data transfer. For example, separate and/or direct communication channels may be established for data transmission between devices (and/or nodes) for the invention and the mentioned aspects, embodiments, implementations and variants thereof. For example, in case of a direct communication channel, the transaction/message is directly between a sender (e.g. a (first) storage module and/or a (first) determination module) and a receiver (e.g. a device that should implement the control instructions) are exchanged without other nodes and/or devices of the distributed database system participating in the data exchange. In the case of a separate communication channel, however, nodes and/or devices of the distributed database system can take part in the data exchange. If a separate and/or direct communication channel has been successfully established between the sender and the receiver (i.e. through this especially a communication connection has been established), the data can be transferred between the sender and the receiver, for example in the form of a transaction or a message. are exchanged. For example, data and/or control transactions required to determine enforceability may be exchanged between sender and recipient. If, for example, the communication channel is closed/ended (i.e. in particular the communication connection ends), the result of the data transmission, for example, is stored in the distributed database system, for example in the form of a transaction (for example as a transmission confirmation transaction) system data block). The result of the data transmission may be, for example, an acknowledgment and/or analysis result of the transmission or receipt of the corresponding transaction/message and/or the last transmitted transaction/message which was made when the communication channel was closed previously transmitted via a separate and/or direct communication channel. The storage of transactions with this result can be done, for example, by the sender and/or the receiver. The result of the analysis can be, for example, a confirmation of the implementability of the control instructions that can be implemented by the device, wherein for example the corresponding device has confirmed that the device can implement these control instructions. This can again be stored, for example, in the transaction (for example in the enablement confirmation transaction) and for example in the implementation requirements (for example in the device-specific requirements). Alternatively or additionally, the enforceability confirmation transactions are stored in a distributed database system. In this case, the implementability confirmation transaction includes, for example, a unique identifier for a device that is capable of implementing the control command or that meets the corresponding implementation requirements. Alternatively or additionally, enforceability confirmation transactions include, for example, data about implementation, such as how well or to what extent implementation requirements are fulfilled (e.g. how quickly control instructions are executed, when are these control instructions safe How precisely or accurately these control instructions are implemented—for example, when implementing manufacturing control instructions). Alternatively or additionally, the enforceability confirmation transaction includes, for example, device-specific data of the corresponding device, which are relevant for implementing the control instruction, wherein for example, the device-specific data are generated by the corresponding device Determined at the point in time of confirmation of the implementability of the equipment. In this case, for example, the feasibility is confirmed and the device-specific data is determined at (nearly) the same point in time—for example, within a time window of a few seconds or minutes. For example, the data of the enforceability confirming transaction may also have been exchanged between the sender and the recipient before the enforceability confirming transaction is stored, for example, in a distributed database system. For example, the enforceability confirmation transaction can also be cryptographically protected (for example, the enforceability confirmation transaction can be encrypted or protected by a transaction checksum). Control transactions can, for example, also be transmitted in a similar manner to the corresponding device, which is to or can execute the control instructions. For this purpose, for example, another separate and/or direct communication channel can be established between sender and receiver. Alternatively, the communication channels mentioned above, for example, continue to be used. Then, the corresponding control transaction is transmitted, for example, to the corresponding device through the corresponding communication channel. If eg the communication channel is closed/ended when the transmission has been (successfully) completed, the result of the transmission is stored eg as a transmission confirmation transaction in the distributed database system. For example, the last message exchanged over the communication channel may also be stored in a transmission confirmation transaction (eg if the communication channel is interrupted) and the transmission confirmation transaction may then be stored eg in the distributed database system. This last exchanged message can be used, for example, to continue the data exchange or data transmission when the communication channel is re-established. Transmission confirmation transactions can also be cryptographically protected, for example. A transmission confirmation transaction may for example comprise a control instruction and/or a control transaction and/or a message that was last exchanged between the sender and the receiver. The continuation of the data exchange or data transmission can, for example, also be used for other data transmissions and is not exclusively limited to data transmission or data exchange for control transactions.

Separate and/or direct communication channels are advantageous in terms of improved transmission speed and/or transmission delay. For example, a hybrid approach is also possible in which, for example, corresponding communication channels are used for (for example high-priority) time-critical control commands. For example, depending on implementation requirements (for example, time-critical control commands or control commands for real-time applications), it can be determined whether a corresponding control command is to be transmitted via a corresponding separate communication channel. Alternatively or additionally, the (first) determination module can determine corresponding transmission requirements for the data transmission of the control transaction, for example when determining the implementation requirements. Transport requirements can be stored, for example, in implementation requirements. Then, depending on the transmission requirements, the storage module can determine, for example: whether the control transaction is stored in the distributed database system by transmission to the corresponding device; or whether a separate and/or direct communication channel is used to communicate to the corresponding device data transmission. The data transmission can then take place, for example, via a (first) memory module which, for this purpose, includes, for example, a corresponding communication module (eg a network interface).

In connection with the present invention, "smart contract" can be understood, for example, as executable program code [4][5] (see especially the definition of "program code"). Preferably, the smart contract is stored in a transaction of a distributed database system (such as a block chain), for example stored in a data block of a distributed database system. For example, smart contracts can be implemented in the same way as this is set forth in the definition of "degree code", especially in connection with the definition of "degree code" of the present invention.

In connection with the present invention, "proof of work" can be understood, for example, as the solution of a computationally intensive task that should be solved especially according to the content of a data block/specific transaction [1][4][5] . Such computationally intensive tasks are also known as cryptographic puzzles, for example.

In conjunction with the present invention, for example, a "distributed database system" that can also be referred to as a distributed database can be understood as a decentralized distributed database, blockchain (English Blockchain), distributed ledger, distributed storage system, based on distributed Ledger technology (DLT) system (DLTS), database security audit system, cloud, cloud service, blockchain in the cloud or peer-to-peer (Peer-to-Peer) database. For example, different implementations of blockchains or DLTS can also be used, such as blockchains or DLTS that rely on directed acyclic graphs (Directed Acylic Graph, DAG), cryptographic puzzles, hash diagram or a combination of the mentioned implementation variants [6][7]. For example, different consensus methods (English consensus algorithms) can also be implemented. This can be, for example, consensus methods by means of cryptographic puzzles, gossip about gossip, virtual voting or a combination of the methods mentioned (eg gossip about gossip combined with virtual voting) [6][7]. If, for example, a blockchain is used, this can be realized in particular by means of a cryptocurrency-based implementation or an Ethereum-based implementation [1][4][5]. A "distributed database system" can also be understood, for example, as a distributed database system in which at least a part of its nodes and/or devices and/or infrastructure is implemented via the cloud. For example, corresponding components are implemented as nodes/devices in the cloud (eg, as virtual nodes in virtual machines). This can be done, for example, by means of VM Ware, Amazon Web Services or Microsoft Azure. Due to the high flexibility of the described implementation variants, in particular partial aspects of the mentioned implementation variants can also be combined with one another by, for example, using a hashgraph as a blockchain, wherein the blockchain itself is also, for example, also Can be blockless.

If eg a Directed Acylic Graph (DAG) such as IOTA or Tangle (Dispute) is used, in particular the transactions or blocks or nodes of this graph are connected to each other by directed edges. This means in particular that (all) sides have (always) the same direction, as in the case of time, for example. In other words, it is especially impossible to walk or jump backwards (i.e. against the common same direction) to a transaction or block or node of the graph. Here, acyclic means in particular that there are no cycles when traversing the graph.

The distributed database system may be, for example, a public distributed database system (such as a public blockchain) or a closed (or dedicated) distributed database system (such as a private blockchain).

If, for example, a public distributed database system is involved, this means that new nodes and/or devices can be registered without proof of authorization or without authentication or without registration information or without credentials Join the distributed database system or be accepted by the distributed database system. In particular, the operator of the node and/or device can remain anonymous in this case.

If the distributed database system is, for example, a closed distributed database system, new nodes and/or devices, for example, require valid proof of authorization and/or valid authentication information and/or valid credentials and/or valid registration information in order to be able to Join or be accepted by a distributed database system.

The distributed database system can also be, for example, a distributed communication system for data exchange or a peer-to-peer (Peer2Peer) communication system or a peer-to-peer application. This can be, for example, a network or a peer-to-peer network.

The distributed database system/the distributed database system can also be, for example, a decentralized distributed database system and/or a decentralized distributed communication system.

In connection with the present invention, in particular "blocks" which may also be referred to as "links" or "blocks" depending on the context and implementation, are to be understood, for example, as distributed database systems (e.g. blockchain or peer-to-peer databases) A data block of , which is realized in particular as a data structure and preferably each includes one of these transactions or a plurality of these transactions. In one implementation, for example, the database (or database system) may be a DLT-based system (DLTS) or a blockchain, and the data blocks may be blocks of the blockchain or the DLTS. A data block may include, for example, the size of the data block (the amount of data in bytes), a data block header (English Blockheader), a transaction counter, and descriptions of one or more transactions [1]. Block headers can include, for example, version, chain checksum, block checksum, timestamp, proof-of-work, and nonce (one-time value, nonce, or counter used for proof-of-work) [1][4][5]. A data block can also be, for example, only a specific storage area or address area for all data stored in the distributed database system. In this way, for example, blockless (blockless in English) distributed database systems such as IoT Chain (ITC), IPTA, and Byteball can be realized. In this case, in particular the blocks of the blockchain and the functionality of the transactions are combined with each other such that, for example, these transactions themselves protect the sequence or chain of transactions (of the distributed database system) (i.e. in particular security-protected is stored). For this purpose, for example, the transactions themselves can be linked to each other with a chain checksum, by preferably a single checksum or the transaction checksum of one or more transactions being used as a chain checksum, in which When a new transaction is stored in the distributed database system, the chain checksum is also stored in the corresponding new transaction. In this embodiment, a data block can also include, for example, one or more transactions, wherein in the simplest case, for example, one data block corresponds to one transaction.

In connection with the present invention, "random number (Nonce)" can be understood as a cryptographic random number (abbreviation of "used only once" [2] or "number used once" [3]), for example. A random number represents in particular an individual number or letter combination which is preferably used only once in the respective context (eg transaction, data transmission).

In the context of the present invention, a "data block preceding a (specific) data block of the distributed database system" is to be understood, for example, as a data block of the distributed database system, in particular immediately preceding a (specific) data block. Alternatively, "a preceding data block of a (specific) data block of the distributed database system" can also be understood, in particular, to mean all data blocks of the distributed database system preceding the specific data block. Through this, chained checksums or transaction checksums, for example, can in particular only pass through the data block (or its transaction) immediately preceding a particular data block or pass through all data blocks preceding the first data block (or their transactions) to obtain.

In connection with the present invention, "blockchain node", "node", "node of a distributed database system" and the like may be understood, for example, as devices (such as field devices), computers, smartphones, clients or members that (e.g. field devices), computers, smartphones, clients or members (using) a distributed database system (e.g. blockchain) to perform operations [1][4][5]. Such nodes can, for example, execute transactions of the distributed database system or data blocks of these transactions or embed or link new data blocks into the distributed database system by means of new data blocks with new transactions. In particular, this validation and/or linking can take place via trusted nodes or only via trusted nodes. A trusted node is, for example, a node that has additional security measures (for example a firewall, access restrictions to the node or the like) in order to prevent manipulation of the node. Alternatively or additionally, for example, when linking a new data block with the distributed database system, a trusted node may store a node checksum (eg a digital signature or certificate) in the new data block. In this way, in particular a certificate can be provided which states that the corresponding data block was embedded by a certain node or which originates the data block. Devices (eg corresponding devices) are, for example, devices of technical systems and/or industrial plants and/or automation networks and/or manufacturing plants, which are also nodes of distributed database systems, in particular. In this case, these devices can be, for example, field devices or devices in the Internet of Things, which are also, in particular, nodes of the distributed database system. The nodes may eg also comprise at least one processor, eg to implement the computer-implemented functionality of these nodes.

In connection with the present invention, "blockchain oracles" and the like can be understood, for example, as nodes, devices or computers which possess a security module, for example by means of software protection mechanisms (such as cryptographic methods), Mechanical protection (e.g. closable housing) or electrical protection (e.g. Tamper protection or protection system that deletes the data of the security module in the event of impermissible use/operation of the blockchain oracle )to fulfill. In this case, the security module can include, for example, a cryptographic key that is required for calculating a checksum, such as a transaction checksum or a node checksum.

In connection with the present invention, "computer" can be understood, for example, as a computer (system), client, smart phone, device or server, which are respectively arranged outside the blockchain or not part of a distributed database system (such as blockchain) Membership (i.e. not using the distributed database system to perform computations or just asking for those computations without executing transactions, embedding data blocks or computing proof-of-work). Alternatively, a computer can in particular also be understood as a node of a distributed database system. In other words, a device can be understood in particular as a node of the distributed database system or also as a device outside the blockchain or the distributed database system. Devices outside the distributed database system can eg access the data of the distributed database system (eg transactions or control transactions) and/or be controlled by nodes (eg by means of smart contracts and/or blockchain oracles). If, for example, a device (e.g. a device configured as a node or a device outside a distributed database system) is actuated or controlled via a node, this can be done, for example, by means of a smart contract, which is in particular stored in In the transaction of distributed database system. A device or node may comprise an actuator, for example. Devices or nodes can also be, for example, electromechanical devices or systems, wherein electromechanical devices/systems are, for example, actuators and/or linear technology devices. Linear technology devices are, for example, devices for carrying out translational movements. A corresponding device can also be a drive system, for example. A device or node may eg be a cryptographic device/node (eg for performing user authentication or user verification).

With the invention it is especially possible to implement a decentralized infrastructure for implementing control commands. In particular, the control of the devices in the Internet of Things can thereby be carried out in a decentralized manner, even if the individual operators of the devices and/or device groups of devices do not trust each other. If, for example, a blockchain-based implementation of a distributed database system is used, illegitimate favoritism of nodes (e.g. by fraud/bribery) can become significantly more difficult because trust protection or manipulation protection is similar to cryptocurrencies in controlling transactions or Confirmation is implemented in the transaction. In particular, a central entity for authenticating the nodes can be dispensed with. If, for example, the implementation of a database system is realized by means of a blockchain, in particular implementing a cryptocurrency, settlement for the execution of control instructions can be settled in a simple and efficient manner, for example, to a client who has set The control command or the client has provided a command sequence from which, for example, the control command is derived.

In addition, for example, the security when operating a distributed database system (for example a blockchain) can be increased since additional checks are used, in particular for the execution of the control commands. In other words, in particular unchecked transactions or control commands are converted into checked transactions, wherein the checking takes place, for example, on the basis of node or device properties (eg device-specific data) of the device or node that is to implement the control commands.

For example, it is also conceivable that if the automatic teller machine is, for example, a node of the distributed database system or accesses the corresponding control transactions of the distributed database system or invokes these control transactions through a node of the distributed database system or through other interfaces, then by means of The method improves or makes the withdrawal of cash at an automatic teller machine more secure.

In a first embodiment of the control system, the selection module selects control commands by means of selection rules, which can be accessed via nodes (BCN, BCN_D) of the distributed database system (BC) or via devices (D, BCN_D) implement.

The control system is particularly advantageous in that it only creates control transactions for devices/nodes which can be carried out by these devices/nodes. In particular, these preconditioning control commands can be control commands of the same command sequence, which in particular have to be executed temporally before the control command (currently) to be executed by the corresponding device. In this case, these prerequisite control instructions are also stored in control transactions, which in turn are stored in a data block (ie a data block or a plurality of data blocks) of the distributed database system.

In other embodiments of the control system, device-specific requirements and/or prerequisite control instructions are stored in the selection rules, wherein these prerequisite control instructions are already implemented control instructions, and for these already implemented control instructions, Acknowledgments about the execution of these already executed control instructions are stored in the confirmation transactions of the data blocks of the distributed database system.

In other embodiments of the control system, the corresponding control transaction includes a unique identifier for the device and/or node that should implement the corresponding control instruction.

This is advantageous so that devices can ascertain or find control transactions that these devices should implement as quickly as possible. The corresponding unique identifier can eg be determined by the selection module and/or the first storage module and stored in the corresponding control transaction.

In other embodiments of the control system, a time limit within which the control commands are to be executed is predetermined by means of a selection rule.

The control system is advantageous, in particular with respect to the control commands or the selected control commands, taking into account the time constraints within which these control commands are to be executed by the corresponding device. If the device cannot ensure the execution of the corresponding command (which can be ascertained, for example, by device-specific requirements), a control signal can be provided, in particular by a check module of the selection module, in order to react to failure to meet this time limit. With the aid of the control signal, for example, manufacturing personnel, service technicians can then be automatically notified or an alarm signal activated. For example, the creator or provider of the control instructions can also be informed: the creator or provider is informed that these control instructions cannot be carried out.

In other embodiments of the control system, the control system or the selection module includes an optimizer, which optimizes the implementation of the control commands by the device according to predetermined criteria.

The control system is advantageous in particular for optimizing the production process according to predetermined criteria. The predetermined criteria can be, for example, the production time, the costs involved or the energy to be expended. For example, an optimizer may decompose a sequence of instructions into control instructions, which are in turn stored/stored in control transactions. In this case, the optimizer breaks down the instruction sequence into control instructions according to predetermined criteria. If for example the criterion is to optimize the manufacturing time in producing the product (e.g. keep the manufacturing time of the product as low as possible), the sequence of instructions is decomposed such that individual components are manufactured in parallel by multiple devices, i.e. in the control transaction Corresponding control instructions are executed by these devices. If, for example, the criterion is to optimize manufacturing costs when producing a product, the sequence of instructions is broken down such that the individual components are manufactured serially by one device (such as the corresponding device) or as few devices as possible, i.e. in a control transaction The corresponding control instructions are executed by the corresponding devices/nodes. In order to control this, for example, the optimizer forwards the corresponding information to the selection module, so that the selection module selects control instructions according to the information, and these control instructions should be implemented by specific devices or nodes of the distributed database system, for example. For example, an optimizer can be used to realize that in particular no control instructions corresponding to selection rules in their unoptimized form or control instructions are optimized such that these control instructions correspond to selection rules and can be created for these control instructions Control transactions so that these control transactions can be executed by devices/nodes. For example, if the selection rules (e.g. in local selection rules for subsystems of a manufacturing facility) predefine that the corresponding control instructions should be executed within a predetermined time limit (e.g. a gas turbine should be manufactured within a week components), this may be the case. For example, if this time limit would be exceeded given the originally determined manufacturing time (e.g. it was found that the execution of the control order for the construction of the component lasted 2 weeks), then for the original (non-optimized) control order Control transactions are not created. The optimizer can now carry out an optimization of these control commands, for example on the basis of the original control commands and the selection rules, which are taken into account, for example, by means of predefined criteria, so that the selection rules are observed. This can be achieved, for example, in that the control commands are sequenced in a different manner or that the control commands are executed in parallel and not linearly. In particular, for example the original control instructions can be organized linearly so that one control instruction is implemented after another by, for example, creating a corresponding control transaction. The optimizer identifies, for example, subassemblies of the component parts which can first be executed independently of one another in parallel on, for example, two lathes and only then welded with the aid of control commands. For example, it is also possible for the optimizer to select a different manufacturing technology for the components. For example, the original control instructions stipulated that the components should be produced by means of casting and milling, which would however exceed the specifications of the selection rules (eg time constraints). However, manufacturing, for example by means of 3D printing/Additive Manufacturing (Additive Manufacturing), would respect this time limit and also meet the technical specifications of the components (eg stability/accuracy). The optimizer then eg modifies the optimized control instructions accordingly such that the specification of the selection rule is satisfied and creates a control transaction for implementation/execution by the device/node.

In this case, the optimizer can be, for example, a separate module or a component of a selection module. Alternatively, the optimizer can, for example, perform the optimization on the basis of the implementation requirements or even create these implementation requirements itself and provide them to the selection module.

In other embodiments of the control system, the distributed database system is a blockchain and the data blocks are blocks of the blockchain, or the distributed database system is a peer-to-peer database system.

The control system is advantageous in particular with regard to the realization of a decentralized control system infrastructure. Furthermore, such a control system can be realized, in particular, even if the operators of the installations do not trust each other.

In other embodiments of the control system, the data blocks are linked to each other by means of a cryptographic hash function.

In other embodiments of the control system, the control system comprises an activity module, wherein the activity module is configured to display and/or record activities of the control system.

The control system is advantageous in particular in that the activity can be checked during operation, for example by a supervisor via status lights, heartbeat signals or control signals. Alternatively, an active module can eg write information to a file in order eg to record the system state or restart of a node or module.

According to another aspect, the invention relates to a selection module for a distributed database system or for a control system with a distributed database system for controlling and/or monitoring devices, the selection module having:

- especially the first interface (810), for receiving or invoking control commands;

- A first evaluation unit (820), configured to select a control instruction according to a selection rule, wherein the selection rule includes a global selection rule and/or a local selection rule and/or a device-dependent selection rule.

This selection module is particularly useful in improving the implementation of control instructions by devices or nodes connected to each other via a network (e.g. manufacturing robots, control systems for energy distribution networks, bank terminals, ATMs, money transfers between banks) advantageous.

In addition, for example, the security can be increased when running a distributed infrastructure (such as a distributed database system with devices and/or nodes or with devices accessing a distributed database system), which is wholly or partly implemented with the aid of It is implemented in a distributed database system (such as blockchain). In particular, the term "control instruction" should be understood broadly. In this case, in addition to the definitions mentioned above, transactions may also be involved, which shall be carried out by means of a device (such as a node of the blockchain or a device outside the blockchain, such as a device D) . In other words, the device converts, in particular, unchecked transactions into checked transactions, wherein the checking takes place, for example, in accordance with selection rules (eg device-specific requirements and device-specific data) that are to be implemented by the control commands.

With the aid of the invention, it is possible, for example, to check device-specific requirements for the implementation of the control commands by the devices by means of selection rules or to ensure that these device-specific requirements are taken into account. In this case, device-specific requirements or selection rules can also be, for example, safety requirements and/or location-related requirements (for example country specifications, GPS specifications or PLZ) that the equipment should fulfill in order to execute the control commands. Alternatively, specific/predetermined authentications and/or verifications can also be required, for example, by means of device-specific requirements or selection rules that can be implemented for the corresponding device. In particular, it is achieved that, for example, only control transactions are generated for control commands that satisfy the specification of the selection rule.

This could be the case, for example, if someone wants to withdraw cash at a device such as an ATM. Next, the control instruction is, for example, a request from the customer to withdraw cash. If, for example, the corresponding customer (for example at his home bank or online banking) has set the customer, for example, to only allow cash withdrawals in predetermined countries, such as Italy, France and Austria, then this is stored in the selection rule (eg global selection rules or local selection rules) or in device-specific requirements (and thus in particular implicitly likewise stored in implementation requirements). Then, if a corresponding control transaction allowing the withdrawal is not created, the withdrawal may not be permitted or prohibited at the automatic teller machine in Andorra, if necessary. For example, security requirements can also require a predetermined authentication and/or authentication method of the customer, which must be supported by the device (for example an automatic teller machine). For this purpose, for example, a password (Pin) may be entered or required for extraction (this is not necessarily the case, for example, in the USA) and/or a specific password length (e.g. 8 characters) may be required; and/or other additional pins may be required. authentication method (e.g. 2-factor authentication, Mobile-Tan, Google Authenticator).

Alternatively, a selection module, such as an evaluation unit, can also further analyze the control commands and if, for example, the selection module or the (first) evaluation unit has found that the device-specific requirements are not met or cannot be met (for example, these control commands were never Permitted countries are sent or determined for devices or nodes in non-permitted countries), then create a control transaction that indicates this to the corresponding device or system and preferably prohibits or prevents access to these Implementation of control orders. Alternatively, it is also possible, for example, that no control transaction is generated and that at some point there is a timeout for executing the control command, for example after a predetermined period of time there is a timeout for executing the control command. Alternatively or additionally, for example, a control signal can be provided which, for example, informs a technician or controls an alarm signal if a control command cannot be executed. Anyway, at least these control instructions are not fully stored in the control transaction when the selection rules are not satisfied. In an implementation variant, for example at least a part of the control commands which do not satisfy the specifications of the selection rules are stored in the control transaction, if for example such control commands which do not satisfy these specifications are to be recorded. This may be the case, for example, if someone tries to withdraw money at an ATM that does not meet the specifications of the selection rules.

For example, it would also be conceivable that online banking is secured in such a way that the security requirements and/or location-related requirements of the computer (i.e. the device sending the control commands) are checked and whether it is allowed to pass through other device for extraction.

In addition, the selection module can also include, for example, a first allocation module and/or a first storage module and/or other modules, as already explained in the exemplary embodiments. Then, a node or a device can, for example, include a checking module and/or an implementing module, as already explained in the exemplary embodiments or implementations. In particular, other features of other aspects and embodiments of the invention may also be transferred to this aspect of the invention.

The device-specific requirements of the selection rules for nodes or devices can, for example, also be user-specific or include user-specific requirements. For example, a first user may require low precision in the production of workpieces in the plant-specific requirements assigned to the first user. Then, for example, a second user can request greater precision in the production of workpieces in the plant-specific requirements assigned to this second user. In this way, for example, security requirements can also be stored user-specifically. For example, it is also conceivable that certain types or classes of control commands (user-related or non-user-related) are assigned device-specific requirements which are considered or checked by the selection module. For example, it may be required that the control commands for loading the firmware are only carried out by devices which meet predetermined safety requirements, for example, in order to ensure that no one in the manufacturing facility has easy access to firmware expertise. Through these predetermined security requirements, it can be required, for example, that only certain persons have access to the corresponding device or that the device is protected by a password and/or other password mechanisms (for example only possible by inserting a chip card and entering a password (Pin) access).

If for example the selection module ascertains that no node and/or device (eg of a fab) supports or meets the implementation requirements, no control transaction is created for the corresponding control instruction. In addition, the selection module can use selection rules to take into account, for example, an implementation policy which specifies exactly which control commands are to be accepted and/or implemented by the nodes and/or devices. For example, it can be predetermined by a general implementation policy (e.g. included in a global selection rule): even if a device and/or node may implement certain predetermined control instructions, the corresponding control instructions generally do not It should be carried out by these devices and/or nodes (for example because the execution of these control commands is too expensive or involves high wear and tear of the devices (eg machine tools)). Such an implementation policy can likewise be part of the implementation requirements or included in selection rules, for example. For example, implementation policies for local applications (eg, included in local selection rules) or device-specific applications (eg, included in device-specific selection rules) can be predetermined in a similar manner.

In other words, the selection module can be used as a filter for control instructions or control transactions in order to prevent, for example, the implementation of control instructions which are not allowed to be implemented by the device and/or node or which do not satisfy the specification of the selection rule. This prevents, in particular, that such unwanted control commands or control transactions are assigned to devices and/or nodes in the distributed database system or control transactions that can be implemented for devices and/or nodes are checked.

In other embodiments of the selection module, the selection module comprises a first decomposition module, wherein the first decomposition module is set up to decompose the sequence of instructions into corresponding control instructions, and wherein the corresponding control instructions are provided, for example, to the control system or the first option module.

In other embodiments of the selection module, the selection module includes an activity module, wherein the activity module is configured to display or record the activity of the selection module.

In a further embodiment of the selection module, the selection module comprises a configuration memory which contains device-specific data about the device and/or device-specific data about the node and/or device-specific requirements.

In other embodiments of the selection module, the selection module includes an optimizer, wherein the optimizer optimizes the implementation of the control commands by the device according to predetermined criteria.

This selection module is advantageous in particular for optimizing the production process according to predetermined criteria. The predetermined criteria can be, for example, the production time, the costs involved or the energy to be expended. For example, an optimizer can break down a sequence of instructions into control instructions, which in turn are stored in control transactions. In this case, the optimizer breaks down the instruction sequence into control instructions according to predetermined criteria. If for example the criterion is to optimize the manufacturing time in producing the product (e.g. keep the manufacturing time of the product as low as possible), the sequence of instructions is decomposed such that individual components are manufactured in parallel by multiple devices, i.e. in the control transaction Corresponding control instructions are executed by these devices. If, for example, the criterion is to optimize manufacturing costs when producing a product, the sequence of instructions is broken down such that the individual components are manufactured serially by one device (such as the corresponding device) or as few devices as possible, i.e. in a control transaction The corresponding control instruction is executed by the corresponding device. In order to control this, for example, the optimizer forwards the corresponding information to the selection module, so that the selection module selects control instructions according to the information, and these control instructions should be implemented by specific devices or nodes of the distributed database system, for example. For example, an optimizer can be used to realize that in particular no control instructions corresponding to selection rules in their unoptimized form or control instructions are optimized such that these control instructions correspond to selection rules and can be created for these control instructions Control transactions so that these control transactions can be executed by devices/nodes. For example, if the selection rules (e.g. in local selection rules for subsystems of a manufacturing facility) predefine that the corresponding control instructions should be executed within a predetermined time limit (e.g. a gas turbine should be manufactured within a week components), this may be the case. For example, if this time limit would be exceeded given the originally determined manufacturing time (e.g. it was found that the execution of the control order for the construction of the component lasted 2 weeks), then for the original (non-optimized) control order Control transactions are not created. The optimizer can now carry out an optimization of these control commands, for example on the basis of the original control commands and the selection rules, which are taken into account, for example, by means of predefined criteria, so that the selection rules are observed. This can be achieved, for example, in that the control commands are sequenced in a different manner or that the control commands are executed in parallel and not linearly. In particular, for example the original control instructions can be organized linearly such that one control instruction is executed after another control instruction. The optimizer identifies, for example, subassemblies of the component parts which can first be executed independently of one another in parallel on, for example, two lathes and only then welded with the aid of control commands. For example, it is also possible for the optimizer to select a different manufacturing technology for the components. For example, the original control instructions stipulated that the components should be produced by means of casting and milling, which would however exceed the specifications of the selection rules (eg time constraints). However, manufacturing eg by means of 3D printing/Additive Manufacturing would respect this time limit and also meet the technical specifications of the components (eg stability/accuracy). The optimizer then eg modifies the optimized control instructions accordingly such that the specification of the selection rule is satisfied and creates a control transaction for implementation/execution by the device/node.

In this case, the optimizer can be, for example, a separate module or a component of a selection module. Alternatively, the optimizer can, for example, perform the optimization on the basis of the implementation requirements or even create these implementation requirements itself and provide them to the selection module.

In this case, the predetermined criteria can also be part of the selection rules, for example, and/or these selection rules can also be taken into account by the predetermined criteria or the optimizer.

In other embodiments of the selection module, the selection module includes a management interface.

The control system is advantageous in particular in that it enables configuration of the selection module. Via the management interface eg device-specific requirements can be configured and preferably stored in a distributed database system.

In other embodiments of the selection module, the selection module includes a detection unit for detecting device-specific data about the device or device-specific data about the node.

The selection module is advantageous in particular in terms of facilitating and speeding up the checking and creation of the device-specific data. Although the selection module may be queried again by the device or the node each time each individual determination is made, it is particularly effective if the detection unit queries the data, for example at a predetermined point in time or for a period of time and For example, the data are stored in a configuration memory or the nodes and devices do this independently at a predetermined point in time or for a period of time, for example after switching on, by transmitting the information to the detection unit. If the detection unit is realized, for example, as a smart contract of the distributed database system, this can also be done, for example, when connecting the device to the distributed database system.

In other embodiments of the selection module, the selection module is designed as a node of the distributed database system or as a smart contract of the distributed database system or as a device.

In a further embodiment of the selection module, the first evaluation unit determines the implementation requirements for the implementation on the basis of the implementability of the nodes or devices of the data allocated by the control command, wherein in particular these implementation requirements are distributed by the control command. The result of the check of the feasibility of the nodes or devices of the database system is determined.

In other embodiments of the selection module, the first evaluation unit determines the implementation requirements for the implementation on the basis of device-specific requirements and/or prerequisite control commands as well as device-specific data and/or already implemented control commands, wherein in particular These implementation requirements are determined as a result of a comparison of the device-specific requirements and/or prerequisite control commands with device-specific data and/or already implemented control commands.

In other embodiments of the selection module, the selection module comprises a first storage module for storing corresponding control instructions in control transactions, wherein in particular these control transactions are stored in a distributed database system (BC) and wherein In particular, these control transactions are transmitted to devices (D, BCN_D) or nodes by means of data blocks (B).

This is especially advantageous with regard to storing the selected control commands in corresponding control transactions.

In other embodiments of the selection module, the selection module selects control instructions by means of selection rules, which control instructions can be implemented by nodes (BCN, BCN_D) of the distributed database system (BC) or by devices (D, BCN_D) .

According to another aspect, the invention relates to a method for computer-aided control of a device, the method having the following method steps:

- select the control instructions according to selection rules, wherein the selection rules include global selection rules and/or local selection rules and/or device-related selection rules;

- store the corresponding control instructions in a control transaction, where

- said control transactions are stored in a distributed database system (BC),

- said control transactions are transmitted to said devices (D, BCN_D) or nodes (BCN, BCN_D) by means of said distributed database system (BC).

According to another aspect, the invention relates to a method for computer-aided selection of control commands, the method having the following method steps:

- receive or invoke control commands;

- Selecting the control instructions according to selection rules, wherein the selection rules include global selection rules and/or local selection rules and/or device-dependent selection rules.

The method is particularly suitable for selecting control instructions for devices or nodes of a distributed database system which are supposed to implement these control instructions.

In other specific embodiments of the method, the method includes further method steps in order to implement functional or other features of the control system.

Also claimed is a computer program product having program instructions for carrying out the mentioned method according to the invention, wherein each of the methods according to the invention can be carried out by means of the computer program product, All methods according to the invention or combinations of methods according to the invention.

Additionally, a variant of the computer program product with program instructions for configuring a construction device, such as a 3D printer, a computer system or a manufacturing machine suitable for a construction processor/device, wherein the construction device utilizes These program instructions are configured such that the mentioned distributed database system and/or control system and/or selection modules according to the invention are created.

Furthermore, a provision device for storing and/or providing a computer program product is also claimed. The providing means is, for example, a data carrier which stores and/or provides the computer program product. Alternatively and/or additionally, the providing means are, for example, web services, computer systems, server systems, especially distributed computer systems, cloud-based computer systems and/or virtual computer systems, preferably in the form of data The computer program product is stored and/or provided as a stream.

For example as a download of the complete computer program product in the form of program data blocks and/or instruction data blocks, preferably as a file, especially as a download file, or as a data stream, especially as a download data stream. . However, the provision can also take place, for example, as a partial download consisting of several parts and in particular downloaded via a peer-to-peer network or provided as a data stream. Such a computer program product is read into the system, for example using supply means in the form of a data carrier, and executes program instructions so that the method according to the invention is carried out on a computer, or the construction plant is configured such that the construction The device creates a distributed database system and/or a control system and/or a selection module according to the invention.

Description of drawings

The above-described characteristics, characteristics and advantages of the present invention and how to achieve them can be more clearly and more clearly understood in conjunction with the following description of the embodiments, which are further explained in conjunction with the accompanying drawings. Here is a schematic diagram:

Figure 1 shows a first embodiment of the invention;

Fig. 2 shows another embodiment of the present invention;

Fig. 3 shows another embodiment of the present invention;

Fig. 4 shows another embodiment of the present invention;

Figure 5 shows another embodiment of the invention.

In the figures, unless otherwise stated, functionally identical elements are provided with the same reference symbols.

detailed description

Unless stated otherwise or already stated, the subsequent exemplary embodiments have at least one processor and/or memory unit in order to implement or carry out the method.

With knowledge of the method claim/claims, in particular the person skilled in the art (in the art) is of course also aware of all possibilities for realizing the product or for carrying out the realization which are common in the prior art, such that In particular no separate disclosure is required in the specification. In particular, these usual and known implementation variants can be realized only by hardware (components) or only by software (components). Alternatively and/or additionally, the skilled person can select as far as possible any combination according to the invention of hardware (components) and software (components) within the scope of his expertise in order to realize the embodiment variants according to the invention.

Especially when one part of the effect according to the invention is preferably caused only by special hardware (for example a processor in the form of an ASIC or FPGA) and/or another part is caused by (processor and/or memory assisted) software, The inventive combination of hardware (components) and software (components) is only possible.

In particular, due to the high number of different implementation possibilities, it is not possible and is not an essential objective for understanding the invention or it is not necessary to name all of these implementation possibilities. In this respect, especially all subsequent examples should only show by way of example how such an implementation might look, inter alia, according to the teaching of the invention.

Thus, in particular the features of the individual embodiments are not restricted to the respective embodiment, but relate to the invention in particular and generally. Correspondingly, features of one exemplary embodiment can preferably also be used as features of another exemplary embodiment, in particular this need not be explicitly mentioned in the respective exemplary embodiment.

Fig. 1 shows a first embodiment of the invention. In this case, FIG. 1 shows a control system for controlling and/or monitoring installations, wherein a distributed database system is implemented, for example, by means of a blockchain BC.

In a variant, an embodiment of a control system for controlling and/or monitoring equipment may include the following features:

- such as a distributed database system (BC), which has:

- for example a plurality of nodes (BCN, BCN_D), wherein the nodes (BCN, BCN_D) and devices (D, BCN_D) are connected to each other via a first communication network (NW1);

- for example a first selection module (110) for selecting control instructions according to selection rules, wherein - for example said selection rules comprise global selection rules and/or local selection rules and/or device-dependent selection rules,

- For example, the selection module (110), especially the selection module (110) according to any one of the embodiments (ie, the selection module according to the present invention or one of the implementations of the selection module);

- for example a first storage module (130) for storing selected control instructions in control transactions, wherein - for example said control transactions are stored in said distributed database system (BC),

- eg said control transaction is transmitted to said device (D, BCN_D) or node (BCN, BCN_D) by means of said distributed database system (BC);

- such as an implementation module, configured to implement the control instruction through a corresponding device, wherein the control transaction includes the control instruction;

- such as a second storage module, configured to store the result of the implementation of the control instruction in a confirmed transaction of the distributed database system (eg stored in a data block of the distributed database system).

Figure 1 shows in detail the blocks B of the blockchain BC, such as the first block B1, the second block B2 and the third block B3.

These blocks B each include a plurality of transactions T. Here, a transaction T may include a control transaction and/or a confirmation transaction.

The first block B1 includes, for example, a first transaction T1a, a second transaction T1b, a third transaction T1c and a fourth transaction T1d.

The second block B2 includes, for example, a fifth transaction T2a, a sixth transaction T2b, a seventh transaction T2c and an eighth transaction T2d.

The third block B3 includes, for example, a ninth transaction T3a, a tenth transaction T3b, an eleventh transaction T3c, and a twelfth transaction T3d.

In addition, these blocks B also each include one of the chain checksums CRC, which are determined from the immediate preceding block. Thus, the first block B1 includes the first chain checksum CRC1 of its predecessor block, the second block B2 includes the second chain checksum CRC2 of the first block B1, and the third block B3 includes The third chain checksum CRC3 of the second block B2.

The corresponding chain checksums CRC1, CRC2, CRC3 are preferably obtained from the block data headers of the corresponding predecessor blocks. Preferably, the chain checksum CRC can be ascertained using a cryptographic hash function such as SHA-256, KECCAK-256 or SHA-3. For example, the chain checksum can additionally be calculated from the data block checksum or the data header includes the data block checksum (the data block checksum will be explained below).

Additionally, each of these blocks may include a data block checksum. The data block checksum can be realized, for example, by means of a hash tree.

In order to form the hash tree, a transaction checksum (eg also a hash value) is calculated for each transaction of the data (block). Alternatively or additionally, a transaction checksum can continue to be used for this purpose, which was created by the generator of the transaction, preferably when the transaction was generated.

Usually, for a hash tree, for example a Merkle tree or a Patricia tree is used, the root hash value/root checksum of the hash tree is preferably registered as the corresponding data block checksum in the corresponding in the block.

In a variant, the data block checksum is used as chain checksum.

Blocks can also have timestamps, digital signatures, proof-of-work, as it has been set forth in embodiments of the present invention.

Blockchain BC itself is realized through blockchain infrastructure with multiple blockchain nodes BCN, BCN_D. These nodes can be, for example, computers, blockchain oracles, trusted nodes, or one or more or all of the devices that should be controlled or monitored. In other words, in particular these devices can also be designed as blockchain nodes, which are then referred to as device nodes BCN_D, for example. For example, a device which is not designed as a blockchain node and which, for example, only has read access to the blockchain is referred to as a blockchain-external device D. These nodes are communicatively connected to each other via a first network NW1 , for example a communication network such as the Internet or Ethernet. By means of the blockchain infrastructure, at least a part of the data block B or all data blocks B of the blockchain BC are copied, for example for a part or all nodes of the blockchain.

A device can especially be understood as a device D or a device node BCN_D outside the blockchain.

The control system implemented by means of the block chain BC also includes a first selection module 110, a first storage module 130, a first inspection module 140, a first implementation module 150 and a second storage module 160, and these modules pass through the control system (such as bus) or communicate with each other through the block chain and its infrastructure (such as the first network NW1). In this case, the first (communication) network NW1 can be a mobile wireless network, Ethernet, WAN, LAN or the Internet.

The first selection module 110 is set up to select (or select) control instructions according to selection rules, wherein these selection rules include global selection rules and/or local selection rules and/or device-dependent selection rules. In this case, the selected control commands can be implemented, for example, by nodes (BCN, BCN_D) or by devices (D, BCN_D) of the distributed database system (BC). During the selection, it is checked in particular whether the control commands satisfy the specification specified by the selection rule. Preferably, those of the control instructions that have been selected or selected are stored in the control transaction.

Here, the selection module 119 is in particular a selection module according to any one of the embodiments or FIG. 4 or FIG. 5 .

As a software component, the first selection module 110 can be realized, for example, as a smart contract implemented by a blockchain or its infrastructure. For this purpose, smart contracts are stored, for example, in transactions, which in turn are stored in data blocks or blocks of the blockchain BC.

As a hardware component, the first selection module 110 can be implemented, for example, by a block chain oracle and/or a block chain node and/or device, the block chain oracle and/or the node and/or device are, for example, Trustworthy and sign implementation requirements by means of digital certificates or digital signatures. In a variant, the corresponding selection module is assigned certain devices or nodes, which are considered particularly critical, for example.

Optionally, the control system may include a first decomposition module, for example configured as an integrated module of the first selection module 110 or as a separate module (eg configured as a software and/or hardware component)—similar to In the first selection module (for example, a smart contract structured as a blockchain). The first decomposition module is designed to decompose the command sequence into corresponding control commands and provide these control commands to the control system, in particular to the first selection module or the first memory module.

In this case, the sequence of instructions may comprise control instructions for a plurality of devices, for example manufacturing machines, in order for these to build objects or products, for example gas turbines or electric motors. Alternatively or additionally, the sequence of instructions includes specifications of the product which should be implemented by the devices. The sequence of instructions does not necessarily have to be specific to the manufacture of the product. This command sequence can also be envisaged for controlling the energy supply network, for example. In this case, the sequence of instructions itself can be, for example, a smart contract that has been stored in the blockchain. Then, the smart contract can be analyzed, for example, by the control system (or the first decomposition module and/or the first selection module) using the blockchain or its infrastructure.

For example, the command sequence can also be encrypted, so that the first selection module 110 or the first decomposition module must first decrypt the command sequence before it can be decomposed.

Alternatively or additionally, the control commands of the command sequence are encrypted and the corresponding requirements for carrying out these control commands are stored as clear text in the command sequence.

In this case, the instruction sequence itself and/or the control instructions can be provided to the control system, for example, via a user, via an interface, via another database or via an input device.

Alternatively or additionally, the control commands and/or the selection rules are encrypted by the first selection module 110 , for example in order to protect know-how. The corresponding device D or the first execution module 150 , 150_D for executing the control commands then has corresponding cryptographic means, for example. These cryptographic means are, for example, corresponding cryptographic keys in order to decrypt control instructions and/or selection rules.

Firstly, the first decomposition module and the first selection module decompose the instruction sequence into control instructions or determine the control instructions according to the instruction sequence, wherein these control instructions can also be a control instruction group or multiple control instructions or a single control instruction. Preferably, the first selection module 110 knows the available devices and/or nodes and determines the implementation requirements for these control commands (the control commands can also be control command groups). Alternatively, the implementation requirement may have been encoded/stored in the instruction sequence, and the first selection module 110 determines the implementation requirement for the corresponding control instruction according to this information.

In addition, the control system can include an optimizer, which optimizes the execution of the control commands by the device according to the execution requirements and according to predetermined criteria. Alternatively, the optimizer determines at least some of these implementation requirements or selection rules and provides them to the first selection module 110 .

As a result, the control system can, for example, optimize the manufacturing process according to predetermined criteria. The predetermined criteria can be, for example, the production time, the costs involved or the energy to be expended. The optimizer can be, for example, an integration module of the first decomposition module or the first selection module. Alternatively, the optimizer can be designed as a separate module of the control system.

If the optimizer is, for example, a decomposition module or an integration module of selection modules, this optimizer can carry out an optimization during the decomposition of the instruction sequence into control instructions and during the determination of the implementation requirements. In this case, the first decomposition module or first selection module 110 uses an optimizer, for example, to take into account predetermined criteria when decomposing the instruction sequence into control instructions.

If, for example, the criterion is to optimize the manufacturing time in producing the product (for example to keep the manufacturing time of the product as low as possible), the sequence of instructions is decomposed and/or the correspondingly optimized implementation requirements are calculated such that the individual Components are manufactured in parallel by multiple devices, ie the corresponding control instructions in the control transaction are executed by these devices. If, for example, the criterion is to optimize manufacturing costs when producing a product, the sequence of instructions is broken down and/or the correspondingly optimized implementation requirements are calculated such that individual components consist of one device (e.g. corresponding devices) or as few as possible The devices are manufactured serially, that is, the corresponding control instructions in the control transactions are executed by the corresponding devices/nodes. In order to control this, corresponding information is forwarded to the selection module, for example by means of an optimizer, so that the selection module can take this information into account when making a selection.

In one variant, the selection module is a selection module for a distributed database system or for a control system with a distributed database system for controlling and/or monitoring devices. In this variant, the selection module has a processor and optionally a memory unit. The processor is set up to select control instructions according to selection rules. In addition, the selection module can include, for example, the embodiment variants and the mentioned features from FIGS. 4 and 5 .

For the respective devices or nodes that are to execute the control commands, the control transactions can also include, for example, identifiers, so that these devices or nodes can more quickly identify the control commands or control transactions that they are to carry out. If the control transaction does not include such an identifier, the nodes and/or devices have to check whether they can implement a new control transaction embedded in the distributed database system.

The first selection module can, for example, include a first assignment module, in order to first assign relevant selection rules (eg implementation requirements) to corresponding control instructions. Only after that does the check of the selection rules or the selection take place.

The first storage module 130 is set up to store the selected control instructions in control transactions, wherein these control transactions are stored in the distributed database system (BC) and these control transactions are stored by means of the distributed database system (BC) Transmission to a device (D, BCD) or node (BCN, BCN_D). This is achieved, for example, in that, for example, if a data block is replicated for a blockchain and/or a node and/or a specific node, the corresponding data block is transmitted via the blockchain via the first network NW1 to the corresponding of nodes. If, for example, a device external to the blockchain is involved, the device external to the blockchain can, for example, be transmitted to such a device via an interface of the blockchain (such as a web interface (Web-Interface)), or such a device, for example, After a given period of time, the corresponding data is called from the blockchain. Alternatively, such a device can also be controlled via a smart contract, for example by means of a blockchain oracle.

Preferably, when determining the control commands by the first selection module 110 , these control commands are determined device-specifically and/or taking selection rules into account. This means in particular that firstly control command sets are formed which can be executed completely by the corresponding device. These groups of control instructions can also simply be referred to as control instructions. The execution prerequisites are then calculated for these control command sets or control commands, as has been explained, for example, above. Then, upon storage, the corresponding set of control instructions or the corresponding control instructions are stored in a control transaction, wherein the control transaction may include a unique identifier of the device/node that should implement these control instructions.

The selection module can also be, for example, a selection module according to the invention or one of its embodiments or a selection module as explained in FIGS. 4 and/or 5 .

This storage can be implemented in different ways. For example, a control instruction or multiple control instructions can be stored in a specific control transaction.

The first storage module 130 can be designed, for example, as a software and/or hardware component—similar to the first selection module 110 (eg, as a smart contract of a blockchain or as a trusted node of a blockchain). In particular, the first storage module 130 can be realized by a blockchain or a smart contract, or be a software component of a blockchain infrastructure.

The first checking module 140 is set up to check whether the corresponding control instruction of the control transaction can be implemented by the device/node. Alternatively, the checking module undertakes, for example, to dispatch control transactions to corresponding devices/nodes which can carry out these control transactions. Depending on the implementation variant, the checking module can be part of the control system, a component of the selection module or a component of the devices/nodes. In the simplest case, the checking module checks for a unique identifier (eg Unique Identifier (UID)) which states in its control transaction which device should implement the control command. From this it can then be ascertained whether the corresponding control transaction can be carried out by this device or node. The results of this check are recorded in Check Results.

In this context, "one of the control commands" refers in particular to one or more of these control commands (ie for example relates to one or more of the control commands). Alternatively, "one of the control instructions" should be understood as "at least one of the control instructions". Preferably, "one of the control instructions" is a corresponding control instruction that controls the transaction.

The first checking module 140 can be designed, for example, as a software and/or hardware component—similarly to the first selection module 110 (eg, as a smart contract of a blockchain or as a trusted node of a blockchain). The first checking module 140 can especially be implemented by a blockchain or a smart contract, or be a software component of a blockchain infrastructure, or a component of a node or device that can implement control instructions.

If, for example, the first checking module 140 checks the control transactions of the data block for the control commands to be executed by the corresponding device, the result of the checking is provided in the data record. The first check module 140 may also perform additional checks, for example. For example, transaction checksums or data block checksums can be checked. If the corresponding checksum is a digital signature or a certificate, it can be checked, for example, whether the issuer or the checksum generator is at all authorized to execute its control instructions on or by the device.

For example, it can also be checked whether the corresponding device possesses the required digital certificate, which indicates, for example, that the corresponding device is trustworthy. This may be necessary, for example, in the case of control commands which include expertise which should not be made public.

For example, it is also conceivable that the control commands are cryptographically encrypted and preferably only the corresponding device D includes means for deciphering this cryptographic encryption (for example a corresponding key). The corresponding device D itself may comprise these means or the implementation module 150, 150_D may comprise these means.

The execution modules 150 , 150_D are set up to execute the control commands by the corresponding device as a function of the result of the check (eg check result).

In particular, it is assumed that control commands and control transactions can be carried out by at least one device and/or node of the distributed database system. In particular, the invention ensures here that only control transactions that can be implemented by devices and/or nodes are embedded in the distributed database system.

In a variant, the checking and execution are further improved. If, for example, the check results in a confirmation of the control commands' practicability or if the result includes a confirmation of the control commands' practicability, the corresponding device implements these control commands. For example, the component can be drilled according to the specifications of the control commands which were originally specified in the command sequence. If the check does not result in confirmation of the implementation of the control instructions or if the result does not include confirmation of the implementation of the control instructions, the execution/implementation of these control instructions is prohibited.

If the result indicates, for example, that the control commands should not be carried out by the corresponding device, a control signal can be provided, for example. With this control signal, for example, alarms, service technicians or control commands (preferably all) generated according to the command sequence can be deactivated, so that other control commands of the command sequence are no longer executed by other devices. For this purpose, for example, corresponding control transactions with such control instructions for all devices can be stored in blocks of the blockchain BC and transmitted to these devices by means of the blockchain BC. Preferably, such control transactions also include a priority, which specifies the priority order in which these control instructions are executed. Preferably, this priority is higher than the priorities of the remaining control instructions. With this increased priority, the corresponding control commands are preferably executed by the devices in order, for example, to invalidate (declare invalid) the remaining control commands of the command sequence or to prevent the execution of these remaining control commands.

If the first checking module 140 is, for example, a module of the blockchain BC, then the first checking module 140 includes, for example, a list of devices with device-specific properties of these devices, from which it is possible to identify corresponding equipment. Alternatively, the first checking module 140 may include a list of devices and their network addresses, and query the corresponding device-specific properties at the devices themselves. This is advantageous in order to take into account the current operating state of the installation during the inspection.

The first implementation module 150 , 150_D can be designed, for example, as a software and/or hardware component—similarly to the first selection module 110 (eg, as a smart contract of a blockchain or as a trusted node of a blockchain). The implementation module can especially be realized by a block chain or smart contract, or a software component of the block chain infrastructure, or a node (such as a block chain implementation module 150) or a device (such as a device implementation module 150) that can implement a control command 150_D) components.

If the first implementation module is, for example, a block chain module, the first implementation module 150 includes, for example, a list of devices and their network addresses, so as to manipulate these devices to execute control instructions.

The second storage module 160 is set up to store the results of the execution of the control instructions in confirmation transactions of the data blocks of the distributed database system.

If the execution of the control command by the corresponding device has been successful, this information is stored in a confirmed transaction in the blockchain. If, for example, there are other control commands which presuppose the execution of the currently executed control command (precondition control command), it is now possible to use other corresponding devices or the same corresponding control command as long as the remaining implementation requirements are also met. device to execute these other control commands.

The second storage module 160 can be designed, for example, as a software and/or hardware component—similarly to the first selection module 110 (eg, as a smart contract of a blockchain or as a trusted node of a blockchain). The second storage module 160 can especially be implemented by a blockchain or a smart contract, or be a software component of a blockchain infrastructure, or a component of a node that can implement control instructions.

The control system and/or the distributed database system or its nodes (e.g., blockchain nodes, devices (device nodes and devices external to the blockchain)) may additionally include, for example, one or more other components, such as processors, storage unit, other communication interfaces (e.g. Ethernet, WLAN), input devices, especially a computer keyboard or computer mouse, and display devices (e.g. monitors). A processor may, for example, include a plurality of other processors that may be used, among other things, to implement other embodiments. The one or more other components can likewise be communicatively connected to each other via a blockchain or its infrastructure, for example.

The processor may be, for example, an ASIC implemented by the application-specific functions of the corresponding modules or all modules of this embodiment (and/or other embodiments), wherein the program components or program instructions are especially implemented as an integrated circuit . The processor can also be, for example, an FPGA, which is especially configured by means of program instructions, so that the FPGA implements the functions of the corresponding modules or all modules of this embodiment (and/or other embodiments).

Depending on the selected implementation variant, the distributed database system can comprise a first checking module and/or a first execution module and/or a second storage module.

In this implementation variant, the devices are kept simple, for example without such corresponding modules. This is advantageous in order to keep these devices as simple as possible and to connect to the distributed database system. In this way, especially cost-effective equipment can be used.

In another implementation variant, the devices comprise a first device checking module and/or a first device implementing module and/or a second device storing module. Depending on the selected implementation, the first checking module and/or the first implementing module and/or the second storing module can access corresponding modules of these devices when implementing their functionality/tasks.

In other words, these devices (modules) are known to the control system or the distributed database system (for example by means of data stored in tables). The first check module 140 and/or the first implementation module 150 and/or the second storage module 160 have information about how the device module 150_D can be addressed or manipulated (for example via a table inside the module, for example via A broadcast message in the communication network NW1 or preferably automatically updated via the distributed database system BC). In this case, the first checking module and/or the first implementing module and/or the second storing module preferably only realize the part which will send the required information or tasks (such as controlling the transaction or confirming the transaction or carried out by the checking module) The results of the inspection) are distributed or transmitted to the corresponding one or more devices. The remaining functionality is implemented via these equipment modules.

This is advantageous in that the more computationally intensive inspection tasks performed by the first examination module or the more computationally intensive implementation tasks performed by the first execution module are completely or partially offloaded to the corresponding device.

The control system may also include an optional registration module.

This registration module can be designed, for example, as a software and/or hardware component—similar to first selection module 110 (for example, as a smart contract of a blockchain or as a trusted node of a blockchain). In particular, the registry module can be implemented via a blockchain or a smart contract, or be a software component of a blockchain infrastructure. Alternatively, the registration module can be implemented as a specific trusted node whose network address is known, for example. If, for example, a closed distributed database system is involved, in which case only authorized nodes and/or devices are connected to the control system or to the distributed database system, in particular only The network address of the registration module is known.

The registration module is set up to add new nodes and/or devices to the control system. Once a new device and/or node wants to join the control system or the distributed database system, the new device or the new node sends an inquiry to the registration module. This can be done directly by, for example, transmitting node and/or device information directly to the registration module. If this is done indirectly, the query is forwarded between the nodes and modules of the distributed database system until it reaches the registration module.

Here, these node and/or device information may include the following information:

-Device Address/Node Address

- The operator of the device/node

- Functional scope of the device/node

- Cryptographic keys (e.g. for checking checksums/digital signatures generated by devices/nodes)

- Other properties that are required when checking implementation requirements.

Then, these devices and/or node information can be stored in the control system (for example, stored in a corresponding table), so that the inspection and/or implementation of the control instruction or control transaction can be realized through the corresponding module .

If the database system is, for example, a closed distributed database system, the registration module also checks whether the device/node has access authorization—ie in particular whether the device/node is accepted as part of the control system or the distributed database system. To this end, the device/node, for example, provides authentication information (cryptographic keys, passwords, etc.), which are checked by the registration module. Here, the following selection rule may also be considered if necessary: whether the corresponding device is registered or not.

Such node and/or device information is eg detected if the database system is eg a public distributed database system.

Depending on the implementation variant, checking module 140 and/or implementing module 150 and/or second storage module 160 are optional modules.

Figure 2 shows a second embodiment of the invention enabling the control of devices implemented as nodes of the blockchain BC.

This variant can, for example, also be implemented by the exemplary embodiment of FIG. 1 or is compatible with this exemplary embodiment. Correspondingly, the control system in FIG. 2 may also have one or more modules of the control system in FIG. 1 .

Transactions T, which may also include control transactions, are provided by the control system implemented as a blockchain BC.

For example, the fifth transaction T2a is the first control transaction. The sixth transaction T2b is, for example, the second control transaction. The control instruction of the first control transaction can be implemented by the first device node BCN_D_1, for example. The control instruction of the second control transaction can be implemented by the first device node BCN_D_1, for example. For this purpose, a corresponding control transaction can, for example, include a unique identifier for the corresponding device or device node that is to implement the control instructions. Alternatively or additionally, corresponding control instructions may comprise such a unique identifier for the corresponding device or device node which is to implement these control instructions.

In other words, the distributed database system is improved by means of the invention in that the security of the execution of the control commands by the devices and/or nodes is increased.

In a first step S1, a first control command of a first control transaction is transmitted via the blockchain to the first device node BCN_D_1 and implemented by the first device node BCN_D_1. For this purpose, after the first control instruction has been successfully executed by the first device node BCN_D_1, in a second step S2 a confirmation of this execution is written into a confirmation transaction and stored in a data block of the blockchain. In this example, this is the ninth transaction T3a.

In this case, a device node is to be understood in particular as a block chain and at the same time a device or a node with device properties in order to execute control commands.

With the invention, even if the different operators of the individual nodes and devices do not trust each other, it is possible in a simple manner to execute complex chains of control instructions (also called instruction sequences) in (automation) networks in which ) network, nodes and/or devices nodes and/or devices outside the blockchain are networked with each other. In particular, check whether these control instructions can be implemented by means of a distributed database system or blockchain. If, for example, control instructions and/or control transactions should not include corresponding unique identifiers for the devices/nodes that should implement these control instructions, the distributed database system itself can rely on the unique identifiers of the corresponding devices/nodes (e.g. serial number or inventory number) to identify the device/node and transmit a corresponding control transaction with these control instructions to the device/node. For this purpose, the distributed database system can for example comprise a device register which contains corresponding information for the devices/nodes in order to identify these devices/nodes and to transmit corresponding data to these devices/nodes.

A non-illustrated exemplary embodiment of the invention relates to a device as it was explained in FIG. 1 or FIG. 2 with the associated exemplary embodiment.

The device comprises a first communication module, an optional first checking module, an optional first enforcement module and a second storage module, the modules being in communication connection with each other via a bus. In this case, the bus can also be a simple program flow or data exchange between corresponding components.

Additionally, the device may also include, for example, one or more other components, such as a processor, a memory unit, other communication interfaces (e.g. Ethernet, WLAN), input devices, especially a computer keyboard or a computer mouse, and a display device (e.g. monitor). A processor may, for example, include a plurality of other processors that may be used, among other things, to implement other embodiments. The one or more further components can likewise be communicatively connected to each other via a bus, for example.

The processor may be, for example, an ASIC implemented by the application-specific functions of the corresponding modules or all modules of this embodiment (and/or other embodiments), wherein the program components or program instructions are especially implemented as an integrated circuit . The processor can also be, for example, an FPGA, which is especially configured by means of program instructions, so that the FPGA implements the functions of the corresponding modules or all modules of this embodiment (and/or other embodiments).

A first communication module, such as an Ethernet interface, is set up to receive data blocks of a distributed database system (such as a blockchain), wherein

- Control transactions with control instructions for the device are stored in data blocks of the distributed database system.

The first checking module is set up to check the control instructions of the control transaction: whether these control instructions can be implemented by the device.

The first implementation module is set up to implement the control command by the corresponding device as a function of the result of the check.

The second storage module is set up to store the results of the execution of the control instructions in confirmation transactions of the data blocks of the distributed database system.

These modules can be realized, for example, as hardware components or software components or a combination of hardware and software components. For example, software components such as libraries may be used in order to configure the processor with the program instructions of these libraries such that the processor implements the functionality of the corresponding modules.

The device itself can be a node of a blockchain or a distributed database system.

If the device has, for example, a first inspection module and/or a first implementation module, this is advantageous in that the more computationally intensive inspection tasks performed by the control system ( FIGS. 1-2 ) are completely or partially transferred to this device or multiple devices of the same type as the device.

FIG. 3 shows a third exemplary embodiment of the invention as a flow diagram of the method according to the invention.

Preferably, the method is implemented computer-aided.

In a variant, an embodiment of the method for computer-aided control of a device may comprise the following method steps:

- select the control instructions according to selection rules, wherein the selection rules include global selection rules and/or local selection rules and/or device-related selection rules;

- store the corresponding control instructions in a control transaction, where

- said control transactions are stored in said distributed database system (BC),

- said control transactions are transmitted to said devices (D, BCN_D) or nodes (BCN, BCN_D) by means of said distributed database system (BC);

- checking the corresponding control command for one of the corresponding control transactions of the corresponding device, wherein in particular it is checked whether the corresponding device can implement the corresponding control command;

- implementing said control instruction by said corresponding device according to the result of said check;

- storing the result of the implementation of said control instructions in a confirmation transaction of said distributed database system (for example in a data block of said distributed database system).

In a variant, an embodiment of the method for computer-aided control of a device may comprise the following method steps:

- for example selecting control instructions according to selection rules, wherein the selection rules include global selection rules and/or local selection rules and/or device-related selection rules;

- such as storing the corresponding control instructions in a control transaction, where

- for example said control transactions are stored in said distributed database system (BC),

- eg said control transaction is transmitted to said device (D, BCN_D) or node (BCN, BCN_D) by means of said distributed database system (BC);

- for example checking the corresponding control command for one of the corresponding control transactions for the corresponding device, wherein in particular it is checked whether the corresponding device can implement the corresponding control command;

- implementing said control instruction, eg by said corresponding device, according to the result of said check;

- eg storing the result of the implementation of said control instructions in a confirmation transaction of said distributed database system (eg in a data block of said distributed database system).

In detail, in this embodiment, a method for computer-aided control of a device is implemented.

The method comprises a first method step 310 : selecting a control instruction according to a selection rule, wherein the selection rule comprises a global selection rule and/or a local selection rule and/or a device-dependent selection rule.

Furthermore, the method steps may also comprise other features which have been disclosed, for example, in connection with the selection module from the above embodiments. In particular, this method step can include, for example, a check of the implementation requirements stored in the selection rules, in which method step it is checked whether the device/node can implement the corresponding control instruction or whether the corresponding control instruction is fulfilled for this implementation. premise.

The method comprises a second method step 320 of storing corresponding control instructions in a control transaction, wherein

- said control transactions are stored in a distributed database system (BC),

- said control transaction is transmitted to said device (D, BCN_D) or said node (BCN, BCN_D) by means of said distributed database system (BC).

The transfer or transfer takes place, for example, via the first communication network by means of a distributed database system, as already explained in the preceding exemplary embodiments.

The method includes a third method step 330 of checking the corresponding control command for one of the corresponding control transactions of the corresponding device, wherein in particular it is checked whether the corresponding device can execute the corresponding control command. The third to sixth method steps are optional method steps since the selection module has already checked the feasibility of the control command via the node/device pair. These optional method steps can be used, for example, to improve the internal process flow of the distributed database system.

This check yields a result which indicates whether the corresponding device can carry out the Y control commands or cannot carry out the N control commands.

Correspondingly, the method comprises a fourth method step: implementing 340 control instructions by the corresponding device according to the result of the check, wherein the control instructions controlling the transaction are implemented when this has been allowed or confirmed Y by the (check) result.

The method comprises a fifth method step of storing 350 the result of the execution of the control instruction in a confirmation transaction of a data block of the distributed database system.

If, in the course of this check, it turns out that the control commands do not allow N to be executed by the corresponding device or the result indicates that the control commands do not allow N to be executed by the corresponding device, then a sixth method step 360 is carried out. This sixth method step can, for example, interrupt the execution of the control instructions of the instruction sequence by, for example, storing an interrupt control instruction for the control instructions of the instruction sequence in a transaction which is in turn stored in a block of the blockchain middle. Alternatively or additionally, these control commands or other control commands resulting from the sequence of commands may be completely or partially interrupted or declared invalid. Alternatively or additionally, the execution/execution of the corresponding control command is prohibited.

Alternatively or additionally, in the sixth method step the examination can be restarted and the method jumps back to method step three. In this way, for example, it is possible to wait until a corresponding confirmation transaction for a control instruction of the control transaction is provided, for example by a distributed database system. The corresponding confirmed transaction may include, for example, the successful implementation of a control order, such as a single control order or a plurality of control orders among selected control orders, such as those that have been Assigned to or stored in multiple control transactions for different devices/nodes.

For this waiting, for example, a configurable time delay is conceivable, which specifies in particular how long it takes to jump back to the third method step. Alternatively or additionally, the waiting or the repetition of the method steps can be limited by limiting the number of repetitions and/or specifying a maximum waiting time, for example by specifying the number of repetitions. If the corresponding value (maximum waiting time, number of repetitions) is exceeded, the corresponding control command is not executed. This is then preferably recorded in a transaction in the distributed database system.

Alternatively or additionally, the result can also be stored in a confirmation transaction in the blockchain (ie in a block of the blockchain) in a sixth method step.

The individual method steps can be carried out by means of different components of the control system, as already explained in the preceding exemplary embodiments. This is, for example, the distributed database system itself and/or devices and/or nodes of this distributed database system.

By means of the invention (according to this embodiment or a preceding embodiment) it is possible in a simple manner to break down instruction sequences into control instructions or control transactions which are then executed by correspondingly suitable devices. This is ensured by high data integrity, which is achieved, for example, by means of a blockchain (for example in order to achieve manipulation protection of control commands to be executed in control transactions). These devices can also be monitored using the present invention by storing the results of executing control commands or control transactions in confirmation transactions. Here, confirming the transaction may also include details of the execution of the control transaction/control order. This is, for example, manufacturing time or manufacturing problems that arise during execution (eg manufacturing of a product). In this regard, confirming the transaction may also include the information that the execution of the control instruction was not successful. If these unsuccessfully implemented control commands are control commands which are preconditions for other/further control commands, then in particular for these other/further control commands the result of the check of the implementation requirements by the selection module is: these Other/additional control commands must not be carried out by the corresponding device/the corresponding device.

Depending on the implementation variant, method steps three to six ( 330 - 360 ) may be optional method steps.

FIG. 4 shows a fourth embodiment of the invention as selection module 110 .

The selection module 110 is suitable for a distributed database system or for a control system with a distributed database system for controlling and/or monitoring devices or for implementing control commands (for example in the form of transactions).

The selection module 110 comprises a first interface 410 , a first evaluation unit 420 and optionally a configuration memory 430 , which are preferably communicatively connected to each other via a bus 401 . In this case, the bus can also be, for example, a simple program flow or data exchange between corresponding components.

In addition, the selection module can also include, for example, one or more other components, such as a processor, a storage unit, other communication interfaces (such as Ethernet, WLAN), an input device, especially a computer keyboard or a computer mouse, and a display device ( such as a monitor). A processor may, for example, include a plurality of other processors that may be used, among other things, to implement other embodiments. The one or more further components can likewise be communicatively connected to each other via a bus, for example.

The processor may be, for example, an ASIC implemented by applying the functions of corresponding modules (or units) or all modules specific to this embodiment (and/or other embodiments), wherein program components or program instructions are particularly implemented as an integrated circuit. The processor can also be, for example, an FPGA, which is especially configured by means of program instructions, so that the FPGA implements the functions of the corresponding modules or all modules of this embodiment (and/or other embodiments).

The first interface 410 is set up to receive or invoke control commands. In this case, the control command can be transmitted to the first interface 410 by the user, for example, by means of a GUI. However, control instructions may also be provided via a server or other database. This can again be, for example, a distributed database system or a hierarchical database. If the selection module is to be used, for example, in a control system according to the invention, the control commands or command sequences can be transmitted to the control system in the same way as described in this exemplary embodiment.

These control commands can also be provided, for example, by decomposition modules, as already explained in the previous exemplary embodiments. To this end, the decomposition module receives or invokes control instructions or instruction sequences.

In this case, these control commands or command sequences can be transmitted, for example, by the user by means of a GUI and eg via the second interface or the first interface 410 to the first decomposition module. However, these control instructions or instruction sequences can also be provided to the decomposition module via a server or other databases. This can again be, for example, a distributed database system or a hierarchical database.

The first evaluation unit 420 is set up to select the control command according to selection rules, wherein the selection rules include global selection rules and/or local selection rules and/or device-specific selection rules.

The configuration memory includes: device-specific data about devices; and/or device-specific data about nodes; and/or device-specific requirements; and/or implementation requirements; and/or selection rules; entity.

This selection module is particularly useful in improving the implementation of control instructions by devices or nodes connected to each other via a network (e.g. manufacturing robots, control systems for energy distribution networks, bank terminals, ATMs, money transfers between banks) advantageous.

In addition, for example, the security can be improved when running a distributed infrastructure (for example, a distributed database system with devices and/or nodes or nodes/devices accessing a distributed database system that is wholly or partially This is achieved with the help of a distributed database system such as blockchain.

In particular, the term control instruction should be understood broadly. In this case, in addition to the definitions mentioned above, transactions may also be involved, which shall be carried out by means of a device (such as a node of the blockchain or a device outside the blockchain, such as a device D) . In other words, the device converts, in particular, unchecked transactions into checked transactions, wherein the checking takes place, for example, on the basis of device-specific requirements and device-specific data (i.e. implementation requirements), which The data should implement these control instructions.

With the invention, it is possible, for example, to check the required specifications of the selection rules (e.g. device-specific requirements for implementing control instructions on the device) and to ensure that preferably only control transactions which satisfy the specifications of these selection rules are stored in the distribution in a database system. In this case, these selection rules can also predetermine, for example, safety requirements and/or location-related requirements (for example country specification, GPS specification or PLZ) that the device is to fulfill in order to implement the control commands. Alternatively, specific/predetermined authentications and/or verifications can also be required, for example, by means of device-specific requirements for the implementation.

The specification of these selection rules (for example device-specific requirements for nodes or devices) can also be user-specific or include user-specific requirements, for example. For example, a first user may require low precision in the production of workpieces in the plant-specific requirements assigned to the first user. Then, for example, a second user can request greater precision in the production of workpieces in the plant-specific requirements assigned to this second user. In this way, security requirements can also be stored user-dependently. For example, it is also conceivable that specific types or classes of control commands (user-related or non-user-related) are assigned device-specific requirements which are considered by the selection module. For example, it may be required that the control commands for loading the firmware are only carried out by devices which meet predetermined safety requirements, for example, in order to ensure that no one in the manufacturing facility has easy access to firmware expertise. Through these predetermined security requirements, it can be required, for example, that only certain persons have access to the corresponding device or that the device is protected by a password and/or other password mechanisms (for example only possible by inserting a chip card and entering a password (Pin) access).

This could be the case, for example, if someone wants to withdraw cash at a device such as an ATM. Next, the control instruction is, for example, a request from the customer to withdraw cash. If, for example, the corresponding customer (for example at his home bank or on the Internet) has set that the customer preferably only allows cash withdrawals in predetermined countries, such as Italy, France and Austria, this is stored in the device Of the specific requirements, these device-specific requirements are preferably assigned to specific users. ATMs in Andorra would then not allow withdrawals or prohibit such withdrawals if necessary. For example, a predetermined authentication of the customer can also be required via security requirements. For example, entering a password (Pin) for extraction (this is not necessarily the case in the USA, for example) and/or requiring a specific password length (e.g. 8 characters); and/or requiring other additional authentication methods (e.g. 2 Factor Authentication, Mobile-Tan, Google Authenticator). For example, the loading of a credit card can be realized in a similar manner, wherein, for example, device-specific requirements for the credit card and the device prescribe security requirements for this loading. For example, the deposit card or the device must use or possess a predetermined cryptographic method and/or authentication method for this loading in order to carry out the loading process. These mentioned examples or specifications are preferably stored in selection rules and structured/organized according to global, local and/or device-specific selection rules.

Alternatively or additionally, the (first) evaluation unit can also evaluate the control commands more extensively if it is checked that the specification of the selection rule is followed for the control commands. If, for example, the evaluation unit has found that the equipment-specific requirements are not met or cannot be met (for example, control instructions were sent from non-authorized countries or are envisaged for implementation in non-authorized countries), then for example (paragraph a) The evaluation unit can create a control transaction which indicates to the corresponding device, node or system the non-enforceability and preferably prohibits or prevents the implementation of these control instructions in such a way that the corresponding control instructions do not generate A control transaction that includes a control order that cannot be enforced. In this case, a control command that cannot be implemented is also to be understood as a control command that does not satisfy the specification of the selection rule. In the selection rules it is also possible to predetermine how to react if the specification of the selection rules for all or some of the control commands is not fulfilled. For example, it can be configured here that when the specifications of the selection rule are not met, a control transaction is simply not created or a control transaction is created stating that a control instruction of a certain data source does not comply with these specifications. In this case, it is also possible, for example, to explain why these control commands do not satisfy the specification of the selection rule (eg these control commands cannot be implemented by any of the devices).

Alternatively, it is also possible, for example, that no control transaction is generated and that at some point there is a timeout for executing the control command, for example after a predetermined period of time there is a timeout for executing the control command. This property can also be configured in selection rules, for example.

In order to ascertain the implementability of the control instructions, the (first) evaluation unit, for example, combines the specifications of the selection rules (e.g. device-specific data) with the devices or properties of these devices and these control instructions (e.g. which resources these control instructions require or which Which machines are required by the control instructions) to find out whether these control instructions are allowed to be implemented.

In this case, for example, the device-specific requirements of these control commands are also checked. Then, depending on the result of this comparison, either a control transaction is created that allows the implementation of these control instructions on the corresponding device, or a control transaction is not created or a control transaction is created that prohibits or prevents the implementation of these control instructions and/or notifies those who have provided them. These control instructions cannot be implemented.

If the (first) evaluation unit finds, according to the specification of the selection rule, that these control instructions can be implemented (i.e. the comparison is positive), a control transaction is created for the corresponding control instruction, and when this is configured for example in the selection rule When these control transactions are embedded in the distributed database system.

For this purpose, the selected control commands are transmitted to the first storage module. This transfer can take place, for example, by the (first) evaluation unit or the selection module itself.

The first memory module is set up to store the corresponding control commands in the control transaction if these control commands are allowed to be executed, for example, by one of the devices (for example an automatic teller machine).

In other words, it is specified, for example on the basis of the result of this comparison, whether and/or with what content the control transaction is stored.

For storage, the control transaction can then be stored in a data block (B) of the distributed database system (BC), wherein in particular a control transaction is transmitted to the device by means of the data block (B) as soon as a control transaction is created (D, BCN_D) or node.

In addition, the selection module 110 can also include, for example, a first storage module and/or other modules, as already explained in the exemplary embodiments. A node or a device can then include, for example, a checking module and/or an enforcement module, as already explained in the exemplary embodiments.

For example, it would also be conceivable that online banking is secured in the above-mentioned manner in that the security requirements and/or location-related requirements of the computer (i.e. the device sending the control commands) are checked and in order to check Indicate whether withdrawals or transfers via other devices are allowed. For this purpose, the computer can be, for example, a node or a device of a distributed database system—as already explained.

FIG. 5 shows a fifth exemplary embodiment of the invention as a flowchart of the method according to the invention.

Preferably, the method is implemented computer-aided.

In detail, a method for computer-aided selection of control instructions is implemented in this embodiment, wherein the selected control instructions are implemented by devices or nodes of a distributed database system. The method can also be used, for example, to determine the practicability of a control command, as is explained, for example, in FIG. 4 .

The method comprises a first method step 510: receiving or invoking a control command.

The method comprises a second method step 520 : selecting a control instruction according to a selection rule, wherein the selection rule comprises a global selection rule and/or a local selection rule and/or a device-dependent selection rule.

For example, by means of the specification of selection rules, it is checked whether a device fulfills device-specific requirements by checking device-specific data for the corresponding device.

In this case, device-specific requirements and/or prerequisite control instructions are stored or stored in the implementation requirements. In this case, the distributed database system is, for example, a blockchain.

In this case, the nodes or devices are connected, for example, by means of a distributed database system.

In order to check the implementability of the control instructions, eg check the implementation requirements of the selection rules. For this purpose, the device-specific requirements or prerequisite control commands are analyzed and compared with control commands and device-specific requirements already implemented for the available devices. For example, in this step a specific assignment or assignment to specific nodes or specific devices can take place for the execution of these control commands. In this way, in particular the security of implementing the control commands is improved or guaranteed, so that only control commands which satisfy the specification of the selection rule are stored in the control transactions of the distributed database system.

Although the invention has been further illustrated and described in detail by the examples, the invention is not limited to the disclosed examples, but other variants can be derived therefrom by those skilled in the art without departing from the scope of protection of the invention.

[1]

Andreas M. Antonopoulos, “Mastering Bitcoin: Unlocking Digital Cryptocurrencies,” O’Reilly Media, December 2014

[2]

Roger M. Needham, Michael D. Schroeder "Using encryption for authentication in large networks of computers" ACM: Communications of the ACM. Volume 21, Number 12, December 1978

[3]

"Security Engineering. A Guide to Building Dependable Distributed Systems" by Ross Anderson, Wiley, 2001

[4]

"Ethereum: Blockchains, Digital Assets, SmartContracts, Decentralized Autonomous Organizations" by Henning Diedrich, CreateSpace Independent Publishing Platform, 2016

[5]

"The Ethereum Book Project/Mastering Ethereum" https://github.com/ethereumbook/ethereumbook, as of October 5, 2017

[6]

"The Swirlds Hashgraph Consensus Algorithm: Fair, Fast, Byzantine Fault Tolerance" by Leemon Baird, Swirlds Tech Report SWIRLDS-TR-2016-01, May 31, 2016

[7]

"Overview of Swirlds Hashgraph" by Leemon Baird, May 31, 2016

[8]

Blockchain oracle

https://blockchainhub.net/blockchain-oracles/

As of March 14, 2018

[9]

Joseph Poon, Thaddeus Dryja: The Bitcoin Lightning Network: Scalable Off- Chain Instant Payments. 14 January 2016, accessed 30 June 2018 (PDF; 3MB; in English).

Claims (23)

1. A selection module (110) for a distributed database system or for a control system for controlling and/or monitoring a device having a distributed database system, the selection module having:

-a first interface (810) for receiving or calling a control instruction;

-a first evaluation unit (820) for selecting control instructions in dependence on selection rules, wherein the selection rules comprise global selection rules and/or local selection rules and/or device-dependent selection rules, wherein

-the selection module comprises a first storage module (130) for storing a corresponding control instruction in a control transaction,

-the control transaction is stored in a distributed database system (BC),

-the control transaction is transmitted to a device (D, BCN _ D) or node by means of the distributed database system.

2. Selection module (110) according to claim 1, wherein

-the selection module (110) comprises a first decomposition module;

-the first decomposition module is set up to decompose a sequence of instructions into corresponding control instructions;

the corresponding control instructions are for example provided to the control system or the selection module.

3. Selection module (110) according to any one of claims 1 to 2, wherein

-the selection module (110) comprises an activity module;

-the activity module is set up to display or record the activity of the selection module.

4. Selection module (110) according to any of claims 1 to 2, wherein the selection module comprises a configuration memory comprising device-specific data about devices and/or device-specific data about nodes and/or device-specific requirements.

5. Selection module (110) according to any one of claims 1 to 2, wherein the selection module comprises a management interface.

6. Selection module (110) according to any of claims 1 to 2, wherein the selection module comprises a detection unit for detecting device-specific data about a device or device-specific data about a node.

7. The selection module (110) according to one of claims 1 to 2, wherein the selection module is a node of a distributed database system or is an intelligent contract of a distributed database system or is constructed as a device.

8. Selection module (110) according to any one of claims 1 to 2, wherein

The first evaluation unit determines implementation requirements for implementation as a function of device-specific requirements and/or precondition control instructions and device-specific data and/or control instructions that have been implemented,

-said implementation requirements are determined according to the result of a comparison of device-specific requirements and/or precondition control instructions with device-specific data and/or control instructions that have been implemented.

9. Selection module (110) according to any one of claims 1 to 2, wherein

The first evaluation unit determines implementation requirements for implementation from the implementability of the node or device of the assigned data depending on the control instruction,

-the implementation requirements are determined by the result of a check of the implementability of the nodes or devices of the distributed database system according to the control instructions.

10. Selection module (110) according to any one of claims 1 to 2, wherein

-the control transaction is transmitted to a device (D, BCN _ D) or node by means of a data block (B).

11. Selection module (110) according to any one of claims 1 to 2, wherein

-the selection module selects by means of the selection rule a control instruction, which can be implemented by a node (BCN, BCN _ D) of the distributed database system (BC) or by the device (D, BCN _ D).

12. Method for computer-aided selection of control instructions by means of a selection module (110) according to one of claims 1 to 11, having the following method steps:

-receiving (510) or invoking a control instruction;

-selecting the control instructions in dependence of selection rules, wherein the selection rules comprise global selection rules and/or local selection rules and/or device-dependent selection rules.

13. A control system for controlling and/or monitoring a device, the control system comprising:

-a distributed database system (BC);

-a first selection module (110) for selecting a control instruction in dependence on a selection rule, wherein

-the selection rules comprise global selection rules and/or local selection rules and/or device-dependent selection rules,

-the first selection module (110) is a selection module (110) according to any one of claims 1-11;

-a first storage module (130) for storing the selected control instructions in a control transaction, wherein

-the control transaction is stored in the distributed database system (BC),

-the control transaction is transmitted to a device (D, BCN _ D) or node (BCN, BCN _ D) by means of the distributed database system (BC).

14. The control system of claim 13, wherein

-the selection module selects, by means of the selection rule, a control instruction that can be implemented by a node (BCN, BCN _ D) of the distributed database system (BC) or by the apparatus (D, BCN _ D).

15. A control system according to claim 13 or 14, wherein

-storing implementation requirements and/or device-specific requirements and/or premise control instructions in the selection rules,

-the precondition control instruction is an already implemented control instruction for which a confirmation regarding the implementation of the already implemented control instruction is stored in a confirmation transaction of a data block of the distributed database system, or for which a confirmation regarding the implementation of the already implemented control instruction is stored in a confirmation transaction of the distributed database system.

16. A control system according to claim 13 or 14, wherein

-the distributed database system is a blockchain and comprises data blocks,

-a data block is a block of the block chain.

17. A control system according to claim 13 or 14, wherein

The respective control transaction comprises a unique identifier for the device and/or node that should implement the corresponding control instruction.

18. The control system of claim 13 or 14, wherein the data blocks are linked to each other by a cryptographic hash function.

19. The control system according to claim 13 or 14, wherein the control system comprises a first checking module and/or a first implementing module and/or a second storing module.

20. A control system according to claim 13 or 14, wherein

-the control system or the selection module (110) comprises an activity module,

the activity module is set up to display or record the activity of the device and/or the selection module.

21. Method for computer-aided control of a device by means of a control system according to one of claims 13 to 20, having the following method steps:

-selecting the control instructions in dependence of selection rules, wherein the selection rules comprise global selection rules and/or local selection rules and/or device-dependent selection rules;

-storing the corresponding control instructions in a control transaction, wherein

-the control transaction is stored in a distributed database system (BC),

-the control transaction is transmitted to a device (D, BCN _ D) or node (BCN, BCN _ D) by means of the distributed database system (BC).

22. A machine readable storage medium having stored thereon a computer program having program instructions for executing the method according to claim 12 and/or claim 21.

23. A providing device, wherein the providing device is capable of providing the machine-readable storage medium of claim 22.

Images